SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws

author: bohwaz <github.bohwaz@miam.kd2.org> 2018-12-16 22:52:37 +0100
committer: Joe Watkins <krakjoe@php.net> 2019-03-11 18:02:03 +0100
commit: 58c25bf679125a2da354db58ddc6b0cf6d10ee00 (patch)
tree: 3848c97cf6070cc408e80acfbc8ed9b51280eeba /php.ini-production
parent: 66bd861fcd2a508d5321d8a3be6158f5026aafc6 (diff)
download: php-git-58c25bf679125a2da354db58ddc6b0cf6d10ee00.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/php.ini-production b/php.ini-production
index d8f686e269..0658bf890f 100644
--- a/php.ini-production
+++ b/php.ini-production
@@ -991,8 +991,19 @@ cli_server.color = On
 ;intl.use_exceptions = 0
 
 [sqlite3]
+; Directory pointing to SQLite3 extensions
+; http://php.net/sqlite3.extension-dir
 ;sqlite3.extension_dir =
 
+; SQLite defensive mode flag (only available from SQLite 3.26+)
+; When the defensive flag is enabled, language features that allow ordinary
+; SQL to deliberately corrupt the database file are disabled. This forbids
+; writing directly to the schema, shadow tables (eg. FTS data tables), or
+; the sqlite_dbpage virtual table.
+; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
+; (for older SQLite versions, this flag has no use)
+sqlite3.defensive = 1
+
 [Pcre]
 ;PCRE library backtracking limit.
 ; http://php.net/pcre.backtrack-limit
author	bohwaz <github.bohwaz@miam.kd2.org>	2018-12-16 22:52:37 +0100
committer	Joe Watkins <krakjoe@php.net>	2019-03-11 18:02:03 +0100
commit	58c25bf679125a2da354db58ddc6b0cf6d10ee00 (patch)
tree	3848c97cf6070cc408e80acfbc8ed9b51280eeba /php.ini-production
parent	66bd861fcd2a508d5321d8a3be6158f5026aafc6 (diff)
download	php-git-58c25bf679125a2da354db58ddc6b0cf6d10ee00.tar.gz