Reputation: 14452
Can SQLITE database files used for attacking?
I'm implementing a client to a web service that offers multiple download options - CSV, JSON, Parquet and SQLITE ".db". The response data set has a small number of tabular data sets. SQLite is a good fit, as it eliminates the need to upload the individual tabular data set into a database for efficient join queries.
I'm concerned about protecting against insufficient data from the service.
Technically, is it possible to trigger attack on programs that read the SQLITE database (from embedding a virus)? I believe CSV, JSON, and the parquet can be read safely (most parsers will handle buffer overflows, nulls, etc.). The SQLite database is much more complex. Can it carry and force execution of malicious code on readers? I intend to open the file RO and only do a select statement from a Python client.
For reference: The SQLite site security page discusses some of those questions.
Upvotes: 0
Views: 180
Answers (0)
Related Questions
- How do I unlock an SQLite database?
- Version of SQLite used in Android
- How do I rename a column in an SQLite database table?
- How can I list the tables in a SQLite database file that was opened with ATTACH?
- How can I avoid concurrency problems when using SQLite on Android?
- Does it matter what extension is used for SQLite database files?
- How can I create a sqlite database file to be returned by a webservice
- Database solution for client server application with encrypted database?