Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Not sure why someone should use this; adding value-transforming functions is trivial in sqlite. Here's what's being proposed instead:

1) poc solution without unit-tests whatsoever

2) bugs like "milisecond" instead of "millisecond" due to lack of purpose

3) no error handling ("todo") or panics in sqlite (due to unwrap)

4) advocates for enabling load_extension, which makes applications vulnerable



This isn't a complete extension, as mentioned in the README several times. I wanted a poc to use the new jiff library in SQL functions to test if it works. It did, so I put it in a repo for others to see. Definitely not production ready, it will change a lot in the future.

Also one note: load_extension isn't required, you can statically compile this and other extensions into an application. That being said, load_extension itself doesnt make your application 'vulnerable.' SQLite offers many features to limit and control dynamically loadable extensions, like sqlite3_enable_load_extension() and SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION. Of course it depends what your definition of "security" is, but load_extension() doesn't need to be dangerous.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: