SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws

author: bohwaz <github.bohwaz@miam.kd2.org> 2018-12-16 22:52:37 +0100
committer: Christoph M. Becker <cmbecker69@gmx.de> 2019-03-11 16:26:15 +0100
commit: e93259bb23500e26a7b0317cde9ad5398eec074e (patch)
tree: 347d3011bcd74e300d0afbbafd3aa594b8ee78e0 /php.ini-production
parent: 1fd32e9c2f15eabdc7e531b1fa76f62fc5a8ca75 (diff)
download: php-git-e93259bb23500e26a7b0317cde9ad5398eec074e.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/php.ini-production b/php.ini-production
index 0bd579a0b0..1dbbfc8d76 100644
--- a/php.ini-production
+++ b/php.ini-production
@@ -993,8 +993,19 @@ cli_server.color = On
 ;intl.use_exceptions = 0
 
 [sqlite3]
+; Directory pointing to SQLite3 extensions
+; http://php.net/sqlite3.extension-dir
 ;sqlite3.extension_dir =
 
+; SQLite defensive mode flag (only available from SQLite 3.26+)
+; When the defensive flag is enabled, language features that allow ordinary
+; SQL to deliberately corrupt the database file are disabled. This forbids
+; writing directly to the schema, shadow tables (eg. FTS data tables), or
+; the sqlite_dbpage virtual table.
+; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
+; (for older SQLite versions, this flag has no use)
+sqlite3.defensive = 1
+
 [Pcre]
 ;PCRE library backtracking limit.
 ; http://php.net/pcre.backtrack-limit
author	bohwaz <github.bohwaz@miam.kd2.org>	2018-12-16 22:52:37 +0100
committer	Christoph M. Becker <cmbecker69@gmx.de>	2019-03-11 16:26:15 +0100
commit	e93259bb23500e26a7b0317cde9ad5398eec074e (patch)
tree	347d3011bcd74e300d0afbbafd3aa594b8ee78e0 /php.ini-production
parent	1fd32e9c2f15eabdc7e531b1fa76f62fc5a8ca75 (diff)
download	php-git-e93259bb23500e26a7b0317cde9ad5398eec074e.tar.gz