When I use the flash.data routines to issue a SQLite "PRAGMA encoding" statement, I get an error suggesting that this isn't supported:
'Error #3115: SQL Error.', details:'PRAGMA is not allowed in SQL.', operation:'execute', detailID:'2005
Is there a workaround?
In a word, no. For supported and unsupported features, see
http://help.adobe.com/en_US/as3/dev/WSd47bd22bdd97276f1365b8c112629d7c47c-8000.html#WSd47bd22bdd97276f-5741a41a1262b2de46b-8000.
However, on that page you will see...
System table access is not available
The system tables including sqlite_master and other tables with the "sqlite_" prefix are not available in SQL statements. The runtime includes a schema API that provides an object-oriented way to access schema data. For more information see the SQLConnection.loadSchema() method.
For more detailed help with using loadSchema, have a look at
http://gmarius.posterous.com/a-test-33
and consider using,
http://sqlitebrowser.sourceforge.net/ In fact
I am not exactly sure why this schema is being searched for. Any Flyway experts who have worked with Vertica?
Even though the information_schema is defined as a standard implemented by most RDBMSs like MySQL, it is not implemented by Vertica.
In Vertica, the information_schema equivalent SQL structure is the v_catalog SQL schema.
The error returned by the Vertica JDBC driver means you are erroneously querying the information_schema. If you are not doing it yourself, it may be a library you're using inadequately (e.g. Hibernate would query the information_schema).
We have a .Net 4.0 project that is being scanned by Veracode in order to acquire security certification.
During static scan the following vulnerability has been found:
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE ID 89) See details at https://cwe.mitre.org/data/definitions/89.html
The report details file & line number that seems to refer to Dapper:
OurOwnDll.dll dev/.../dapper net40/sqlmapper.cs 1138
App_Browsers.dll dev/.../sqlmapperasync.cs 126
OurOwnDll is using Dapper.
App_Browsers.dll: I'm not aware where it is coming from, but it seems to be related to the site project and to ASP.NET's browser capabilities detection.
I would like to know if there is any way to prevent this vulnerability.
I am not familiar with VeraCode, however as pointed out by @Kristen Waite Jukowski, your issue may be due to the fact that some of your queries are not parameterised, in which case they are correctly being identified as vulnerable to SQL injection.
Alternatively, a similar question (relating to the same issue but with OrmLite) may shed some light on this. Similar to OrmLite, as dapper provides the facility to write raw SQL queries that could be composed with inputs that are not parameterised (for example by string concatenation), using it may be deemed a vulnerability, even if every query in your particular project is currently fully parameterised. The answer to that question (which may not be viable in your case) was to replace the existing ORM with Entity Framework:
During a code-readout with VeraCode the suggested proper remediation
was to replace ServiceStack ORM with EntityFramework 6.1.
From the comments in that question:
The difference is in EF, the executing context implements IDbCommand
but the CreateDataAdapter and other api's that can allow dynamic sql
have been implemented to throw exceptions. There are no code paths in
EF that allow dynamic sql without first going through a filtering
mechanism similar to OWASP.
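The distinction this answer draws between concatenated and parameterised queries, as an added example that is not from the original thread: it uses Python's sqlite3 module as a stand-in for Dapper, and the table, rows and function names are hypothetical. It goes one step beyond the answer by allow-listing a column name, since identifiers cannot be bound as parameters.

```python
import sqlite3

ALLOWED_SORT = {"id", "name"}  # identifiers cannot be bound, so allow-list them


def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("O'Brien",), ("bob",)])
    return conn


def find_concat(conn, name):
    # Pattern a static scanner reports as CWE-89: the input becomes part of
    # the SQL text, so a quote in the data is parsed as SQL syntax.
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_param(conn, name, sort="id"):
    # The value travels as a bound parameter; the SQL text is constant
    # apart from a column name taken from a fixed allow-list.
    if sort not in ALLOWED_SORT:
        raise ValueError("unsupported sort column")
    sql = "SELECT id, name FROM users WHERE name = ? ORDER BY " + sort
    return conn.execute(sql, (name,)).fetchall()


def demo():
    """Run both lookups with a name that contains a special element."""
    conn = make_db()
    try:
        find_concat(conn, "O'Brien")
        concat_outcome = "ran"
    except sqlite3.OperationalError:
        concat_outcome = "syntax error"  # the apostrophe ended the literal early
    return concat_outcome, find_param(conn, "O'Brien")


if __name__ == "__main__":
    print(demo())
```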
I have set up a linked server in SQL Server 2008 R2 in order to access an Oracle 11g database. The MSDASQL provider is used to connect to the linked server through the Oracle Instant Client ODBC driver. The connection works well when using OPENQUERY with the below syntax:
SELECT *
FROM OPENQUERY(LINKED_SERVER, 'SELECT * FROM SCHEMA.TABLE')
However, when I try to use a four-part name using the below syntax:
SELECT *
FROM LINKED_SERVER..SCHEMA.TABLE
I receive the following error:
Msg 7318, Level 16, State 1, Line 1
The OLE DB provider "MSDASQL" for linked server "LINKED_SERVER" returned an invalid column definition for table ""SCHEMA"."TABLE"".
Does anyone have any insight on what may be causing the four-part name query to fail while the OPENQUERY one works without any problems?
The correct path to follow is to use OPENQUERY function because your linked server is Oracle: the four name syntax will work fine for MSSQL servers, essentially because they understand T-SQL.
With very simple queries, a 4 part name can accidentally work but not often if you are in a real scenario. In your case, the SELECT * is returning all the columns, and in your case one of the column definitions is not compatible with SQL Server. Try another table or try to select a single simple column (e.g. a CHAR or a NUMBER), maybe it will work without problem.
In any case, using distributed queries can be tricky sometimes. The database itself does some optimizations before executing commands, so it is important for the database to know what it can do and what it can't. If the DB thinks the linked server is MSSQL, it will take some action that may not work with Oracle.
When using four part name syntax with a linked DB different from MSSQL, you will have other problems as well, for example using database builtin functions (i.e. to_date() Oracle function will not work because MSSQL would want to use its own convert() function, and so on).
So again, if the linked server is not MSSQL, the right choice is to use OPENQUERY and pass it a query that uses a syntax valid against the linked server's SQL dialect.
If you use the OLEDB provider for Oracle you can query without using openquery
I use the sqlite database schema version.
PRAGMA schema_version;
It helps me control upgrades and prevents user from modifying the schema and then reporting a flood of irreproducible bugs.
However, I find the version increments far more often than I expect.
"It is incremented by SQLite whenever the database schema is modified (by creating or dropping a table or index)." http://www.sqlite.org/pragma.html#pragma_schema_version
In particular when I simply connect and disconnect from sqlitestudio, even though I do not change the schema in any way.
Is there any way of preventing this happening (or at least understanding what is going on)?
I have a sqlite database that I want to open using sqlite3.exe. Now I get an error when I try to make queries, saying "file is encrypted or is not a database". This may seem stupid but I've been looking around on internet and I just don't find how to supply a password (or key) to sqlite3.exe to decrypt the database. The -help option or .help command of sqlite3.exe don't show anything to do that... Is it possible to do that, and if so how can I do it?
It is unlikely that the database would be encrypted, unless you have a reason to believe it is. Are you able to open the database at all, or are you getting this error once you issue some SQL query? If it's the former, your file is probably either not an sqlite db to begin with, or it is corrupted; if it's the latter, please check the integrity of your db with:
pragma integrity_check;
See http://www.sqlite.org/pragma.html#pragma_integrity_check for more info about this pragma.
In any case, unless your db is really encrypted (which sqlite does not support natively), your db is probably unusable.
SQLite reports that error when you pass it a file which is either not actually a SQLite database, or alternatively has been corrupted. There are several SQLite addons to support encryption, but other than that SQLite doesn't have encryption.
It can also happen when you try and open a SQLite v3 database with SQLite v2 (and possibly for other version mismatches).
Assuming you have experienced corruption (and not just passing the wrong file, or using the wrong version of SQLite), you may want to check the PRAGMA synchronous settings you're using, and also review the list of fixed data-corrupting bugs.
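The checks suggested in the two answers above, as an added example that is not part of the original thread: it reads the 100-byte file header to see whether the file is a plain SQLite 3 database at all, then runs PRAGMA integrity_check and PRAGMA schema_version. The function names and the two sample files are constructed for illustration.

```python
import os
import sqlite3
import struct
import tempfile

SQLITE3_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of a SQLite 3 file


def diagnose(path):
    """Classify a file that fails with 'file is encrypted or is not a database'."""
    with open(path, "rb") as fh:
        header = fh.read(100)  # the SQLite 3 header is 100 bytes long
    if not header:
        return {"kind": "empty"}  # zero-byte file: opens as an empty database
    if len(header) < 100 or header[:16] != SQLITE3_MAGIC:
        # Encrypted by an add-on, another format, or a damaged header:
        # stock SQLite reports the same error for all three.
        return {"kind": "not-plain-sqlite3"}
    (cookie,) = struct.unpack(">I", header[40:44])  # schema cookie, big-endian
    conn = sqlite3.connect(path)
    try:
        check = [row[0] for row in conn.execute("PRAGMA integrity_check")]
        version = conn.execute("PRAGMA schema_version").fetchone()[0]
    except sqlite3.DatabaseError as exc:
        return {"kind": "sqlite3", "ok": False, "detail": str(exc)}
    finally:
        conn.close()
    return {"kind": "sqlite3", "ok": check == ["ok"],
            "schema_version": version, "header_cookie": cookie}


def demo():
    """Build two constructed sample files and diagnose each."""
    tmp = tempfile.mkdtemp()
    good = os.path.join(tmp, "good.db")
    conn = sqlite3.connect(good)
    conn.execute("CREATE TABLE test (id INTEGER, val TEXT)")
    conn.commit()
    conn.close()
    opaque = os.path.join(tmp, "opaque.db")
    with open(opaque, "wb") as fh:
        fh.write(bytes(range(256)) * 16)  # stands in for an unreadable file
    return diagnose(good), diagnose(opaque)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A header that does not start with the magic string means stock sqlite3.exe cannot open the file, whatever the cause; a valid header with a failing integrity check points to corruption instead.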
Check out this forum here. The guy had the same question as you. The thing is that there is not any form of protection offered as a standard package in the sqlite3 API, but you can try System.Data.SQLite. This is the code posted on the forum:
#include <SQLite.au3> ; don't include sqlite.dll.au3 !!!
; Start the SQLite UDF with the System.Data.SQLite DLL instead of the stock one
_SQLite_Startup("System.Data.SQLite.dll")
ConsoleWrite(_SQLite_LibVersion() & @LF)
_SQLite_Open("testcrypt.db")
; Supply the key first, then create and populate a test table
_SQLite_Exec(-1, "pragma key = 'Radu is happy!';create table if not exists test (id integer, val text);" & _
"insert into test values (1, 'abc');")
Local $row
; Read the row back to confirm the database is usable with that key
_SQLite_QuerySingleRow(-1, "select * from test;", $row)
ConsoleWrite($row[1] & @LF)
_SQLite_Close()
_SQLite_Shutdown()
hope that helps.