1.Dd March 11, 2017 2.Dt SQLITE3_SET_AUTHORIZER 3 3.Os 4.Sh NAME 5.Nm sqlite3_set_authorizer 6.Nd Compile-Time Authorization Callbacks 7.Sh SYNOPSIS 8.Ft int 9.Fo sqlite3_set_authorizer 10.Fa "sqlite3*" 11.Fa "int (*xAuth)(void*,int,const char*,const char*,const char*,const char*)" 12.Fa "void *pUserData " 13.Fc 14.Sh DESCRIPTION 15This routine registers an authorizer callback with a particular database connection, 16supplied in the first argument. 17The authorizer callback is invoked as SQL statements are being compiled 18by sqlite3_prepare() or its variants sqlite3_prepare_v2(), 19sqlite3_prepare16() and sqlite3_prepare16_v2(). 20At various points during the compilation process, as logic is being 21created to perform various actions, the authorizer callback is invoked 22to see if those actions are allowed. 23The authorizer callback should return SQLITE_OK to allow the 24action, SQLITE_IGNORE to disallow the specific action 25but allow the SQL statement to continue to be compiled, or SQLITE_DENY 26to cause the entire SQL statement to be rejected with an error. 27If the authorizer callback returns any value other than SQLITE_IGNORE, 28SQLITE_OK, or SQLITE_DENY then the sqlite3_prepare_v2() 29or equivalent call that triggered the authorizer will fail with an 30error message. 31.Pp 32When the callback returns SQLITE_OK, that means the operation 33requested is ok. 34When the callback returns SQLITE_DENY, the sqlite3_prepare_v2() 35or equivalent call that triggered the authorizer will fail with an 36error message explaining that access is denied. 37.Pp 38The first parameter to the authorizer callback is a copy of the third 39parameter to the sqlite3_set_authorizer() interface. 40The second parameter to the callback is an integer action code 41that specifies the particular action to be authorized. 42The third through sixth parameters to the callback are zero-terminated 43strings that contain additional details about the action to be authorized. 44.Pp 45If the action code is SQLITE_READ and the callback returns 46SQLITE_IGNORE then the prepared statement 47statement is constructed to substitute a NULL value in place of the 48table column that would have been read if SQLITE_OK had been 49returned. 50The SQLITE_IGNORE return can be used to deny an untrusted 51user access to individual columns of a table. 52If the action code is SQLITE_DELETE and the callback returns 53SQLITE_IGNORE then the DELETE operation proceeds 54but the truncate optimization is disabled and 55all rows are deleted individually. 56.Pp 57An authorizer is used when preparing SQL statements from 58an untrusted source, to ensure that the SQL statements do not try to 59access data they are not allowed to see, or that they do not try to 60execute malicious statements that damage the database. 61For example, an application may allow a user to enter arbitrary SQL 62queries for evaluation by a database. 63But the application does not want the user to be able to make arbitrary 64changes to the database. 65An authorizer could then be put in place while the user-entered SQL 66is being prepared that disallows everything except SELECT 67statements. 68.Pp 69Applications that need to process SQL from untrusted sources might 70also consider lowering resource limits using sqlite3_limit() 71and limiting database size using the max_page_count PRAGMA 72in addition to using an authorizer. 73.Pp 74Only a single authorizer can be in place on a database connection at 75a time. 76Each call to sqlite3_set_authorizer overrides the previous call. 77Disable the authorizer by installing a NULL callback. 78The authorizer is disabled by default. 79.Pp 80The authorizer callback must not do anything that will modify the database 81connection that invoked the authorizer callback. 82Note that sqlite3_prepare_v2() and sqlite3_step() 83both modify their database connections for the meaning of "modify" 84in this paragraph. 85.Pp 86When sqlite3_prepare_v2() is used to prepare a 87statement, the statement might be re-prepared during sqlite3_step() 88due to a schema change. 89Hence, the application should ensure that the correct authorizer callback 90remains in place during the sqlite3_step(). 91.Pp 92Note that the authorizer callback is invoked only during sqlite3_prepare() 93or its variants. 94Authorization is not performed during statement evaluation in sqlite3_step(), 95unless as stated in the previous paragraph, sqlite3_step() invokes 96sqlite3_prepare_v2() to reprepare a statement after a schema change. 97.Sh SEE ALSO 98.Xr sqlite3 3 , 99.Xr sqlite3_stmt 3 , 100.Xr sqlite3_limit 3 , 101.Xr sqlite3_prepare 3 , 102.Xr sqlite3_step 3 , 103.Xr SQLITE_CREATE_INDEX 3 , 104.Xr SQLITE_DENY 3 , 105.Xr SQLITE_OK 3 , 106.Xr SQLITE_CREATE_INDEX 3 107