Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Yeah, that's obvious nonsense. Merely using SQLite in your app does not open a port. How, exactly, are you going to be "vulnerable to remote code execution" when you don't use any network connections?

And the phrase "uses SQLite or Chromium" is pretty close to gibberish. Those two things... are not really related.



Doesn't Chromium (like lots of other software) embed SQLite? So using Chromium would be (a potentially easily overlooked way) of using SQLite?


Yes it does, and it makes sense to mention it because Chrome and Chromium are very popular and widespread, but many may not know it uses SQLite.


Its a fairly special case where any website can execute arbitrary SQL due to WebDB. It should be mentioned that this is deprecated: https://hacks.mozilla.org/2010/06/beyond-html5-database-apis...


Yeah and that deprecated feature will probably still be around failing to totally die a decade from now.


That would be "Chromium and SQLite", which is a combination that makes sense. "Or" doesn't make sense.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: