Author erlendaasland
Recipients berker.peksag, christian.heimes, erlendaasland
Date 2021-04-07.11:36:12
Message-id <1617795372.37.0.944356546491.issue43763@roundup.psfhosted.org>
Content
Quoting from the SQLite docs:
"It is recommended that extension loading be enabled using the SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION method rather than this interface, so the load_extension() SQL function remains disabled. This will prevent SQL injections from giving attackers access to extension loading capabilities."

Suggesting to make sqlite3.Connection.enable_load_extension a module level function, and use sqlite3_db_config() instead of sqlite3_enable_load_extension(). We could add an optional argument for also enabling the SQL function.

1. Introduce sqlite3.enable_load_extension(enable, /, enable_sql_api=False)
2. Add deprecation warning to sqlite3.Connection.enable_load_extension()
3. In Python 3.12, remove sqlite3.Connection.enable_load_extension()
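
The following probe is an added example, not part of the original message or of CPython. It checks whether the load_extension() SQL function is reachable from plain SQL before and after calling the existing sqlite3.Connection.enable_load_extension(). The probe path is constructed and does not exist, and the helper names and state labels are assumptions made for the example.

```python
import sqlite3

# Constructed path that does not exist, so the probe can never load real code.
PROBE_PATH = "/nonexistent-constructed-dir/probe-extension"


def sql_load_extension_state(con):
    """Classify whether the load_extension() SQL function is reachable on con.

    Returns "disabled" when SQLite refuses the call, "omitted" when the
    library was built without the function, and "enabled" when SQLite
    actually tried to open the (nonexistent) file.
    """
    try:
        con.execute("SELECT load_extension(?)", (PROBE_PATH,)).fetchone()
    except sqlite3.DatabaseError as exc:
        msg = str(exc).lower()
        if "not authorized" in msg:
            return "disabled"
        if "no such function" in msg:
            return "omitted"
        # Any other error means SQLite got as far as opening the file.
        return "enabled"
    return "enabled"


def survey():
    """Record the state before, during and after enable_load_extension()."""
    con = sqlite3.connect(":memory:")
    states = {"default": sql_load_extension_state(con)}
    # Some CPython builds omit loadable-extension support entirely.
    if hasattr(con, "enable_load_extension"):
        con.enable_load_extension(True)
        states["after enable(True)"] = sql_load_extension_state(con)
        con.enable_load_extension(False)
        states["after enable(False)"] = sql_load_extension_state(con)
    con.close()
    return states


if __name__ == "__main__":
    for step, state in survey().items():
        print(f"{step}: SQL load_extension() is {state}")
```

An "enabled" result after enable(True) means any SQL text that reaches this connection, injected or not, can ask SQLite to open a shared library for as long as the toggle stays on.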
History
Date User Action Args
2021-04-07 11:36:12 erlendaasland set recipients: + erlendaasland, christian.heimes, berker.peksag
2021-04-07 11:36:12 erlendaasland set messageid: <1617795372.37.0.944356546491.issue43763@roundup.psfhosted.org>
2021-04-07 11:36:12 erlendaasland link issue43763 messages
2021-04-07 11:36:12 erlendaasland create