setAuthorizer



Registers an authorizer callback method that is invoked as SQL statements are being compiled by instantiating an ooSQLiteStmt object. The callback allows the Rexx program to disallow certain actions of the SQL, or reject the SQL statement entirely.

Arguments: The arguments are:
callBackObj [required] An instantiated object with a method that will be invoked during the compilation of a SQL statement. However, this argument can also be .nil to indicate that any installed update hook is to be removed.
mthName [optional] The method name that will be invoked during a call back. By default, the method invoked will be authorizerCallBack(). However, the user can specify an alternative method if desired. This argument is ignored when the callBackObj argument is .nil.
userData [optional] This can be any Rexx object the user desires. The object will be sent as the last argument to the authorizer callback method when it is invoked. This argument is ignored when the callBackObj argument is .nil.
Return value: Returns one of the SQLite Result Code Constants. Currently, it appears that the SQLite database engine always returns OK.
Remarks: At various points during the compilation process of a statement, as logic is being created to perform various actions, the authorizer callback is invoked to see if those actions are allowed. The authorizer callback should return OK to allow the action, IGNORE to disallow the specific action but allow the SQL statement to continue to be compiled, or DENY to cause the entire SQL statement to be rejected with an error. If the authorizer callback returns any value other than IGNORE, OK, or DENY, then the instantiation of the ooSQLiteStmt object that triggered the authorizer will fail with an error (see the lastErrMsg attribute).

An authorizer is used when preparing SQL statements from an untrusted source, to ensure that the SQL statements do not try to access data they are not allowed to see, or that they do not try to execute malicious statements that damage the database. For example, an application may allow a user to enter arbitrary SQL queries for evaluation by a database, but the application does not want the user to be able to make arbitrary changes to the database. An authorizer that disallows everything except SELECT statements could then be put in place while the user-entered SQL is being prepared.

Programs that need to process SQL from untrusted sources might also consider lowering resource limits using the limit method and/or limiting database size using the max_page_count pragma, in addition to using an authorizer.
Details: The functionality of the setAuthorizer method is similar to that of the SQLite sqlite3_set_authorizer API.
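
The SELECT-only policy described in the remarks, as an added example that is not ooSQLite code: it uses the set_authorizer method of Python's standard sqlite3 module, which wraps the same sqlite3_set_authorizer API, to show the effect of the OK, IGNORE and DENY return values. The table names, column names and helper function names are constructed for the illustration.

```python
import sqlite3

ALLOWED_TABLE = "users"              # constructed sample schema
HIDDEN_COLUMNS = {"password_hash"}   # readable table, but this column is masked

def select_only_authorizer(action, arg1, arg2, db_name, trigger):
    """Invoked by SQLite for each action while a statement is compiled."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ:          # arg1 = table, arg2 = column
        if arg1 != ALLOWED_TABLE:
            return sqlite3.SQLITE_DENY         # whole statement is rejected
        if arg2 in HIDDEN_COLUMNS:
            return sqlite3.SQLITE_IGNORE       # statement compiles, column reads as NULL
        return sqlite3.SQLITE_OK
    # Default deny: INSERT, UPDATE, DELETE, DROP, PRAGMA, ATTACH, functions, ...
    return sqlite3.SQLITE_DENY

def open_restricted_db():
    # isolation_level=None: no implicit BEGIN, so only the user's SQL is compiled.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute("CREATE TABLE users (name TEXT, password_hash TEXT)")
    db.execute("CREATE TABLE audit (event TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-hash')")
    # Install the authorizer only after the trusted setup statements have run.
    db.set_authorizer(select_only_authorizer)
    return db

def run_untrusted(db, sql):
    """Compile and run one untrusted statement; report a rejection as text."""
    try:
        return db.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    db = open_restricted_db()
    for sql in ("SELECT name, password_hash FROM users",
                "SELECT event FROM audit",
                "DELETE FROM users"):
        print(sql, "->", run_untrusted(db, sql))
```

The callback ends in a default DENY, so any action code it does not explicitly recognise is refused rather than allowed.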