</p><blockquote><b>S60600:</b> The SQLite library shall provide interfaces that allow an application to discover relationships between SQLite objects.</blockquote><h2>7.0 Features to promote safe and robust application coding practices</h2><a name="S70000"></a><p> Many applications need to be able to safely process data or even SQL statements that are received from untrusted sources. An "SQL Injection Attack" occurs when an adversary intentionally introduces data that is designed to have undesirable side effects on the database files. For example, suppose an application generates an INSERT statement as follows:</p> <blockquote><pre> snprintf(z, n, "INSERT INTO table1 VALUES('%s')", zUserData); </pre></blockquote> <p>If a hostile user supplies data that reads:</p> <blockquote><pre> beginning'); DELETE FROM table1; INSERT INTO table1 VALUES(' </pre></blockquote> <p>Then the constructed INSERT statement would be transformed into three statements, the second of which is an undesired deletion of all prior content from the table. SQLite contains interfaces that are designed to help applications avoid SQL injection attacks and similar problems.</p><blockquote><b>S70000:</b> The SQLite library shall provide interfaces that promote the safe construction and processing of SQL statements and data from untrusted sources.</blockquote><a name="S70100"></a><p> Some applications (for example <a href="http://www.cvstrac.org/">CVSTrac</a> and <a href="http://www.fossil-scm.org/">Fossil</a>) will run SELECT statements entered by anonymous users on the internet. Such applications want to be able to guarantee that a hostile user does not access restricted tables (such as the PASSWORD column of the USER table) or modify the database in any way. 
SQLite supports the ability to analyze an arbitrary SQL statement to ensure that it does not perform undesired operations.</p><blockquote><b>S70100:</b> The SQLite library shall provide the application means by which the application can test and enforce compliance with database access policies for any particular SQL statement.</blockquote><a name="S70200"></a><p>Applications such as the command-line interface (CLI) for SQLite will prompt the user to enter SQL statements and will evaluate those statements as they are entered. But sometimes an SQL statement spans multiple lines. The CLI needs to know to issue a continuation prompt and await additional input if the input received so far is incomplete. SQLite supports interfaces that allow the CLI and similar applications to know if the input it has gathered so far is complete or if it needs to await additional input before processing the SQL.</p><blockquote><b>S70200:</b> The SQLite library shall provide interfaces that test to see if an SQL statement being received incrementally is complete.</blockquote><a name="S70300"></a><p> The concept of a "prepared statement" allows an SQL statement to be parsed and compiled once and then reused many times. This is a performance advantage in many applications. In addition, binding values to variables in the prepared statement is safer than embedding values as literals because bound values do not need to be quoted in order to avoid an SQL injection attack.</p><blockquote><b>S70300:</b> The SQLite library shall support prepared statement objects with late parameter binding</blockquote><h2>8.0 Ductile Failure</h2><a name="S80000"></a><p> A common characteristic of digital systems (as opposed to analog systems) is that digital systems tend to be brittle. In other words, digital systems tend to work perfectly with no sign of stress until they fail utterly and completely. 
The behavior is like a physical object that holds its shape as external loads increase, until it shatters without warning.</p> <p>In most circumstances, ductile failure is preferred over brittle failure. A ductile device begins showing signs of trouble well in advance of failure. Physical objects bend and/or crack, providing operators with warnings of overload and an opportunity to take corrective action, while continuing to function for as long as possible.</p> <p>Digital systems have a reputation for being brittle, yet brittleness is not an intrinsic property of digital systems. Digital systems can be designed to continue functioning outside their design parameters while providing operators with warning of possible trouble. But there must be focused effort on the part of the designers to make digital systems ductile. With analog systems, the ductileness tends to be inherent in the medium, but with digital systems ductileness needs to be explicitly added.</p><blockquote><b>S80000:</b> SQLite shall exhibit ductile failure characteristics</blockquote><a name="S80100"></a><p> SQLite strives to deal gracefully with anomalous behavior by the application or by its own internal subsystems. Yet graceful handling of out-of-band inputs is of no value if the anomaly goes unreported. The problems must be visible to the application so that warnings and alarms can be propagated to operators. The useful aspect of ductile failure is that it gives advance warning. Ductile behavior is of no use to anyone if nobody can see the part bending.</p><blockquote><b>S80100:</b> SQLite shall make anomalies visible to the application</blockquote><h2>9.0 Summary Of System Requirements</h2><p>The foregoing contained both system requirements and explanatory text interspersed. 
The following is a reproduction of the system requirements without the explanatory text, as a convenient reference. The top-level system requirements are shown first, followed by lower-level system requirements that provide additional detail.</p><h3>9.1 Top-level System Requirements</h3><blockquote><b>S10000:</b> The SQLite library shall translate high-level SQL statements into low-level I/O calls to persistent storage.</blockquote><blockquote><b>S20000:</b> The SQLite library shall be extensible and configurable.</blockquote><blockquote><b>S30000:</b> The SQLite library shall be safe for use in long-running, low-resource, high-reliability applications.</blockquote><blockquote><b>S40000:</b> The SQLite library shall be safe for use in applications that make concurrent access to the underlying database from different threads and/or processes.</blockquote><blockquote><b>S50000:</b> The SQLite library shall be cross-platform.</blockquote><blockquote><b>S60000:</b> The SQLite library shall provide introspection capabilities to the application.</blockquote><blockquote><b>S70000:</b> The SQLite library shall provide interfaces that promote the safe construction and processing of SQL statements and data from untrusted sources.</blockquote><blockquote><b>S80000:</b> SQLite shall exhibit ductile failure characteristics</blockquote><h3>9.2 Derived System Requirements</h3><blockquote><b>S10100:</b> The SQLite library shall accept a well-defined dialect of SQL that conforms to published SQL standards.</blockquote><blockquote><b>S10110:</b> The SQLite library shall support BLOB, CLOB, integer, and floating-point datatypes.</blockquote><blockquote><b>S10120:</b> The SQLite library shall implement the standard SQL interpretation of NULL values.</blockquote><blockquote><b>S10200:</b> The SQLite library shall communicate directly with database files in persistent storage.</blockquote><blockquote><b>S10300:</b> The SQLite library shall implement ACID 
transactions.</blockquote><blockquote><b>S10500:</b> The SQLite library shall implement transactions that are robust across application crashes, operating-system crashes, and power failures.</blockquote><blockquote><b>S10600:</b> The SQLite library shall support simultaneous access to multiple database files on the same database connection.</blockquote><blockquote><b>S10700:</b> The SQLite library shall provide interfaces that allow the application to obtain the status and results of SQL operations.</blockquote><blockquote><b>S20100:</b> The SQLite library shall provide interfaces that permit the application to override interfaces to the platform on which the application is running.</blockquote><blockquote><b>S20110:</b> The SQLite library shall provide interfaces that permit the application to override the interfaces used to read and write persistent storage.</blockquote><blockquote><b>S20120:</b> The SQLite library shall provide interfaces that permit the application to override the interfaces used for memory allocation.</blockquote><blockquote><b>S20130:</b> The SQLite library shall provide interfaces that permit the application to override the interfaces used for controlling mutexes.</blockquote><blockquote><b>S20200:</b> The SQLite library shall provide interfaces that permit the application to create new SQL functions.</blockquote><blockquote><b>S20300:</b> The SQLite library shall provide interfaces that permit the application to create new text collating sequences.</blockquote><blockquote><b>S20400:</b> The SQLite library shall provide interfaces that permit the application to create new classes of virtual SQL tables.</blockquote><blockquote><b>S20500:</b> The SQLite library shall provide interfaces that permit the application to load extensions at run-time using shared libraries.</blockquote><blockquote><b>S20600:</b> The SQLite library shall provide interfaces that permit the application to dynamically query and modify size 
limits.</blockquote><blockquote><b>S30100:</b> The SQLite library shall release all system resources it holds when it is properly shut down.</blockquote><blockquote><b>S30200:</b> The SQLite library shall be configurable so that it is guaranteed to never fail a memory allocation as long as the application does not request resources in excess of reasonable and published limits.</blockquote><blockquote><b>S30210:</b> The SQLite library shall provide instrumentation that can alert the application when its resource usage nears or exceeds the limits of the memory breakdown guarantee.</blockquote><blockquote><b>S30220:</b> The SQLite library shall provide facilities to automatically recycle memory when usage nears preset limits.</blockquote><blockquote><b>S30230:</b> The SQLite library shall permit BLOB and CLOB objects to be read and written incrementally using small memory buffers.</blockquote><blockquote><b>S30300:</b> When a memory allocation fails, SQLite shall either silently make do without the requested memory or else it shall report the error back to the application.</blockquote><blockquote><b>S30400:</b> When an I/O operation fails, SQLite shall either silently recover or else it shall report the error back to the application.</blockquote><blockquote><b>S30500:</b> SQLite shall provide the capability to monitor the progress and interrupt the evaluation of a long-running query.</blockquote><blockquote><b>S30600:</b> All unused portions of a well-formed SQLite database file shall be available for reuse.</blockquote><blockquote><b>S30700:</b> SQLite shall provide the capability to incrementally decrease the size of the persistent storage file as information is removed from the database.</blockquote><blockquote><b>S30800:</b> SQLite shall provide the interfaces that support testing and validation of the library code in an as-delivered configuration.</blockquote><blockquote><b>S30900:</b> SQLite shall provide the ability for separate database connections 
within the same process to share resources.</blockquote><blockquote><b>S40100:</b> The SQLite library shall be configurable to operate correctly in a multi-threaded application.</blockquote><blockquote><b>S40200:</b> The SQLite library shall support multiple independent database connections per thread and per process.</blockquote><blockquote><b>S40300:</b> The SQLite library shall automatically control access to common databases from different connections in different threads or processes.</blockquote><blockquote><b>S40400:</b> The SQLite library shall notify the application if an operation can not be completed due to concurrent access constraints.</blockquote><blockquote><b>S40410:</b> The SQLite library shall provide interfaces to assist the application in responding appropriately when an operation can not be completed due to concurrent access constraints.</blockquote><blockquote><b>S50100:</b> The SQLite library shall be implemented in ANSI-C.</blockquote><blockquote><b>S50200:</b> The SQLite library shall support text encoded as UTF-8, UTF-16le, or UTF-16be.</blockquote><blockquote><b>S50300:</b> SQLite database files shall be processor and byte-order independent.</blockquote><blockquote><b>S60100:</b> The SQLite library shall provide interfaces that an application can use to discover fixed, compile-time characteristics of the SQLite library.</blockquote><blockquote><b>S60200:</b> The SQLite library shall provide interfaces that an application can use to find run-time performance characteristics and status of the SQLite library.</blockquote><blockquote><b>S60300:</b> The SQLite library shall provide interfaces that permit an application to query the schema of a database.</blockquote><blockquote><b>S60400:</b> The SQLite library shall provide interfaces that allow an application to monitor the sequence and progress of queries submitted to SQLite.</blockquote><blockquote><b>S60500:</b> The SQLite library shall provide interfaces that allow an application to 
discover the algorithms that SQLite has chosen to implement specific SQL statements.</blockquote><blockquote><b>S60600:</b> The SQLite library shall provide interfaces that allow an application to discover relationships between SQLite objects.</blockquote><blockquote><b>S70100:</b> The SQLite library shall provide the application means by which the application can test and enforce compliance with database access policies for any particular SQL statement.</blockquote><blockquote><b>S70200:</b> The SQLite library shall provide interfaces that test to see if an SQL statement being received incrementally is complete.</blockquote><blockquote><b>S70300:</b> The SQLite library shall support prepared statement objects with late parameter binding</blockquote><blockquote><b>S80100:</b> SQLite shall make anomalies visible to the application</blockquote><hr><small><i>This page last modified 2008/10/30 23:36:51 UTC</i></small></div></body></html>
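Added example for section 7.0 (not part of the original SQLite document): the three interfaces behind S70100, S70200 and S70300, exercised through Python's standard sqlite3 module, which wraps the C library. The hostile string is the one from the page; the `user` table contents and all helper names are constructed for the illustration.

```python
import sqlite3

# Constructed hostile input: the string from the page's section 7.0 example.
HOSTILE = "beginning'); DELETE FROM table1; INSERT INTO table1 VALUES('"

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE table1(x);  INSERT INTO table1 VALUES('prior content');
        CREATE TABLE user(name, password);
        INSERT INTO user VALUES('alice', 'constructed-secret');""")
    return db

def insert_by_formatting(db, user_data):
    # Vulnerable form from the page: the value is pasted into the SQL text.
    db.executescript("INSERT INTO table1 VALUES('%s')" % user_data)
    return [r[0] for r in db.execute("SELECT x FROM table1")]

def insert_by_binding(db, user_data):
    # S70300: the value is bound late, so it is never parsed as SQL.
    db.execute("INSERT INTO table1 VALUES(?)", (user_data,))
    return [r[0] for r in db.execute("SELECT x FROM table1")]

def read_only_policy(action, arg1, arg2, db_name, source):
    # S70100: permit plain SELECTs, deny reads of user.password, deny the rest.
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ:
        target = ((arg1 or "").lower(), (arg2 or "").lower())
        secret = target == ("user", "password")
        return sqlite3.SQLITE_DENY if secret else sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY

def run_untrusted(db, sql):
    # Returns the rows, or None when the policy rejects the statement.
    db.set_authorizer(read_only_policy)
    try:
        return db.execute(sql).fetchall()
    except sqlite3.DatabaseError:
        return None

def split_statements(lines):
    # S70200: keep buffering input lines until SQLite says the SQL is complete.
    buf, done = "", []
    for line in lines:
        buf += line + "\n"
        if sqlite3.complete_statement(buf):
            done.append(buf.strip())
            buf = ""
    return done, buf
```

The policy above also rejects SQL function calls such as `count(*)`, because every action other than SELECT and READ is denied; an application would allow the specific actions it needs.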