(www.sqlite.org)

275 points whatisabcdefgh | 1 comments | 04 Sep 25 21:36 UTC | HN request time: 0.435s | source

Show context

jll29 ◴[05 Sep 25 01:46 UTC] No.45134255[source]▶

I love SQLite.

As a document _exchange_/_interchange_ format, what I prefer for durability is a non-binary format (e.g. XML based).

For local use, I agree SQLite might be much faster than ZIP, and of course the ability to query based on SQL has its own flexibility merits.

replies(1): >>45135099 #

thayne ◴[05 Sep 25 04:56 UTC] No.45135099[source]▶

>>45134255 #

XML isn't great for exchange/interchange either due to security problems and inconsistencies in implementations. A big part of the problem is that xml has a lot of complexity, which leads to a bigger attack surface when parsing and processing untrusted data. And then xml entities are just inherently insecure, unless you disable some of their capabilities (like using remote files, and unlimited recursion).

That said, creating a format that can convey rich untrusted data is a hard problem.

replies(1): >>45135666 #

jdboyd ◴[05 Sep 25 06:50 UTC] No.45135666[source]▶

>>45135099 #

Part of the problem though with saying SQLite instead of XML is a lot of things would lend themselves to XML in SQLite.

replies(2): >>45135727 #>>45135778 #

1. thayne ◴[05 Sep 25 07:07 UTC] No.45135778[source]▶

>>45135666 #

Oh, I'm not saying sqlite is better than xml for data exchange. As mentioned in other comments, sqlite's security posture towards an untrusted database is problematic. My point is that xml has problems too.

↑

What If OpenDocument Used SQLite?