|SQLite Fixes Security Flaw|
|Written by Kay Ewbank|
|Tuesday, 26 May 2020|
SQLite has been updated twice in quick succession, firstly a planned release that adds support for approximate Analyze using the Pragma analysis_limit command, then an update to fix a longstanding flaw that allows malicious SQL statements to crash the process running SQLite.
SQLite is an in-process library that implements a self-contained, serverless, transactional SQL database engine. It supports full text search and has extensions offering JSON support. The entire SQL database with multiple tables, indexes, triggers, and views, is contained in a single disk file. The developers say SQLite is the most used database engine in the world, as it is built into all mobile phones, major web browsers and most operating systems.
The unscheduled release is version 3.321, and fixes two long-standing bugs that allow malicious SQL statements to crash the process that is running SQLite. These bugs were announced by a third-party approximately 24 hours after the 3.32.0 release but are not specific to the 3.32.0 release.
The 3.32 release improvements include the addition of an approximate analyze. By default, the Analyze command carries out a full scan of every index. This can be slow for large databases, so you can now use the Pragma analysis_limit command to limit the amount of scanning performed by Analyze, so it will run faster, even on very large database files. Pragma statements are SQL extensions specific to SQLite The Analyze Pragma lets you set a limit for the approximate number of rows examined in each index by the Analyze command. The results of analysis are not as good when only part of each index is examined, but the results are usually good enough. Setting N to 100 or 1000 allows the Analyze command to run very quickly, even on multi-gigabyte database files.
Other improvements to the release include support for SQL's Iif statement, and a change to the Insert and Update statements so that they now always apply column affinity before computing Check constraints.
or email your comment to: firstname.lastname@example.org