SQLite Fixes Security Flaw
Written by Kay Ewbank   
Tuesday, 26 May 2020

SQLite has been updated twice in quick succession, firstly a planned release that adds support for approximate Analyze using the Pragma analysis_limit command, then an update to fix a longstanding flaw that allows malicious SQL statements to crash the process running SQLite. 

SQLite is an in-process library that implements a self-contained, serverless, transactional SQL database engine. It supports full text search and has extensions offering JSON support. The entire SQL database with multiple tables, indexes, triggers, and views, is contained in a single disk file. The developers say SQLite is the most used database engine in the world, as it is built into all mobile phones, major web browsers and most operating systems. 

sqliteThe unscheduled release is version 3.321, and fixes two long-standing bugs that allow malicious SQL statements to crash the process that is running SQLite. These bugs were announced by a third-party approximately 24 hours after the 3.32.0 release but are not specific to the 3.32.0 release.

The 3.32 release improvements include the addition of an approximate analyze. By default, the Analyze command carries out a full scan of every index. This can be slow for large databases, so you can now use the Pragma analysis_limit command to limit the amount of scanning performed by Analyze, so it will run faster, even on very large database files. Pragma statements are SQL extensions specific to SQLite The Analyze Pragma lets you set a limit for the approximate number of rows examined in each index by the Analyze command. The results of analysis are not as good when only part of each index is examined, but the results are usually good enough. Setting N to 100 or 1000 allows the Analyze command to run very quickly, even on multi-gigabyte database files.

Other improvements to the release include support for SQL's Iif statement, and a change to the Insert and Update statements so that they now always apply column affinity before computing Check constraints.


More Information

SQLite Site

Related Articles

SQLite Improves Nulls Support

SQLite Introduces Vacuum Into

SQLite Adds Zipfile Support

SQLite 3.20 Improves Query Planner

SQLite 3.17 Adds SHA1 Extensions 

SQLite 3.16 Adds Pragma Functions  

SQLite 3.15 Adds Row Value Support

Portable Version Of DB Browser For SQLite

SQLite 3.9 

SQLite Updated

LiteCLI - SQLite Client with Autocomplete


To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.


Amazon Previews Q, Its AI-Powered Assistant

Amazon has announced Q, a generative artificial intelligence powered assistant that can be tailored to the data in a specific organization.

AWS Lambda Adopts Java 21

AWS Lambda functions can now use all the new and useful language features as well as performance improvements introduced in Java 21 as part of the Amazon Corretto JDK implementation.

More News




or email your comment to: comments@i-programmer.info