Open davidkaufman opened 10 months ago
I am loading sqlite extensions at connection time using the db.loadExtension() API but would rather use the SQL load_extension() function to load them at runtime.
db.loadExtension()
literally calls load_extension()
SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION
is also set (else db.loadExtension()
wouldn't work)
I'm confused what you actually want, maybe you can give a code example of the new API that you are suggesting? What exactly are you missing that you cannot do right now?
Hi @Prinzhorn thanks for the reply!
What I meant was I'd like to allow our users to load any extension (at any time) by calling the SQL function from within a sql query, e.g.:
SELECT load_extension('./re.so');
currently, issuing a sql query that calls this function results in the error:
- SqliteError: not authorized
To allow the use the load_extension() inside a SQL command the docs linked above say you have to:
Call the sqlite3_enable_load_extension() routine with
onoff==1
so apparently better-sqlite3
isn't passing that onoff
parameter, which defaults to 0
Oh, thanks for clarifying, I didn't pay enough attention. Makes sense that you could optionally enable that for a Database
instance.
Hi!
I am loading sqlite extensions at connection time using the db.loadExtension() API but would rather use the SQL load_extension() function to load them at runtime.
As the SQLite docs above say say, allowing users to call this function in SQL is disabled by default, as it opens up a potential SQL injection vulnerability. Is there a way to call this sqlite C-API function below to re-enable it for use through
better-sqlite3
?https://www.sqlite.org/c3ref/enable_load_extension.html
Thanks in advance!