It is a clever attack. The idea is that if you have an application that uses an SQLite database with a schema like this:

~~~~~
CREATE TABLE xyzzy(...);
~~~~~

And if your application always

1. Registers an application-defined SQL function "`send_money()`" upon start-up and then
2. Runs "`SELECT * FROM xyzzy WHERE...`" thereafter

Then the attacker can modify your schema like this:

~~~~~
ALTER TABLE xyzzy RENAME to xyzzy_real;
CREATE VIEW xyzzy AS SELECT * FROM xyzzy_real WHERE send_money(...) IS NOT NULL OR 5<>11;
~~~~~

Then, when your application naively opens the database file and reads the xyzzy table, it will actually cause the view to run and send money to the attacker.

## Features Recently Added to SQLite To Help Avoid This Attack.

1. You can now specify that application-defined SQL functions are [SQLITE_DIRECTONLY][1]. This means that they can only be called from top-level SQL, not from triggers or views. The use of SQLITE_DIRECTONLY is recommended for any application-defined SQL function that has side-effects.
2. There is the [SQLITE_DBCONFIG_ENABLE_VIEW][2] option which can be used to completely disable views, and hence shut down this attack. Recommended if your application does not need or use views. The corresponding [SQLITE_DBCONFIG_ENABLE_TRIGGER][3] option has been around for ages already. It too is recommended for security-sensitive applications that do not need or use triggers.
3. You can run [PRAGMA trusted_schema=OFF;][4] to cause all historical application-defined SQL functions to act as if they were SQLITE_DIRECTONLY even if they were not declared as such. On by default for historical compatibility, but recommended for security-sensitive applications.

See the [Defense Against Dark Arts][5] page for additional discussion of these ideas.
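An added example (not from the post above) that reproduces the scenario with Python's standard `sqlite3` module and shows feature 3 refusing the tampered view. Python's `sqlite3` cannot mark a function SQLITE_DIRECTONLY, so `PRAGMA trusted_schema=OFF` is the defense shown; the table columns, the rows and the `send_money()` stand-in are constructed for the demonstration.

```python
import sqlite3

# Constructed sample: the attacker's DDL from the post, applied to a
# table with made-up columns and rows.
ATTACKER_DDL = """
ALTER TABLE xyzzy RENAME TO xyzzy_real;
CREATE VIEW xyzzy AS SELECT * FROM xyzzy_real
    WHERE send_money(owner) IS NOT NULL OR 5<>11;
"""


def tampered_db():
    """In-memory database whose schema has been modified as in the post."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE xyzzy(id INTEGER PRIMARY KEY, owner TEXT);
        INSERT INTO xyzzy VALUES (1, 'alice'), (2, 'bob');
    """ + ATTACKER_DDL)
    return db


def run_app(trusted_schema=True):
    """Simulate the naive application: register send_money() at start-up,
    then read xyzzy. Returns (rows_read, send_money_calls, error)."""
    db = tampered_db()
    calls = []
    # Stand-in for the side-effecting function; it only records who it was
    # called for. Functions created this way are not SQLITE_INNOCUOUS.
    db.create_function("send_money", 1, lambda owner: calls.append(owner) or 1)
    if not trusted_schema:
        # Feature 3 from the post: SQL stored in the schema (views, triggers)
        # may no longer invoke ordinary application-defined functions.
        db.execute("PRAGMA trusted_schema=OFF")
    try:
        rows = db.execute("SELECT * FROM xyzzy").fetchall()
        return len(rows), len(calls), None
    except sqlite3.OperationalError as exc:
        # Expected: "unsafe use of send_money()" raised at prepare time,
        # before any row is read and before the function ever runs.
        return 0, len(calls), str(exc)
    finally:
        db.close()


def pragma_available():
    """PRAGMA trusted_schema exists from SQLite 3.31.0; older libraries
    silently ignore it, so the defense must be verified, not assumed."""
    return sqlite3.sqlite_version_info >= (3, 31, 0)


if __name__ == "__main__":
    print("default           :", run_app(trusted_schema=True))
    print("trusted_schema=OFF:", run_app(trusted_schema=False))
```

With the default setting the view runs and `send_money()` fires once per row; with the pragma off the SELECT fails before the view is evaluated.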
[1]: https://www.sqlite.org/c3ref/c_deterministic.html#sqlitedirectonly
[2]: https://www.sqlite.org/c3ref/c_dbconfig_defensive.html#sqlitedbconfigenableview
[3]: https://www.sqlite.org/c3ref/c_dbconfig_defensive.html#sqlitedbconfigenabletrigger
[4]: https://www.sqlite.org/pragma.html#pragma_trusted_schema
[5]: https://www.sqlite.org/security.html