db: add STRICT tables with migration for old databases#8559
Open
wqxoxo wants to merge 1 commit intoElementsProject:masterfrom
Open
db: add STRICT tables with migration for old databases#8559wqxoxo wants to merge 1 commit intoElementsProject:masterfrom
wqxoxo wants to merge 1 commit intoElementsProject:masterfrom
Conversation
wqxoxo
force-pushed
the
feat/strict-tables-security
branch
9 times, most recently
from
415d91c to
dec2ae7
Compare
Contributor
This seems good, except that it should be enabled by the --developer flag, not random environment variables. We get much of this checking already by using Postgresql as the backend, but it's definitely an improvement.
This is done in the wrong place. We use devtools/sql-rewrite.py to translate our SQL statements into local dialects already. The exception is the sql plugin, but that's also up to the user.
We don't load untrusted databases, but trusted_schema isn't harmful. cell_size_check will slow us down, and only helps if the db is corrupted (hopefully catching it earlier), so I like that one. secure_delete is not meaningful for us, that I can tell.
Except that doesn't matter since only developers changing the code will ever see such messages, when they add an invalid sql statement.
Hi ChatGPT? Or maybe claude? To be honest, this entire thing should be a several-line patch, which enables the pragmas inside db/db_sqlite3.c |
wqxoxo
force-pushed
the
feat/strict-tables-security
branch
2 times, most recently
from
b01b22e to
55927b7
Compare
Contributor
Author
|
Thank you for the feedback @rustyrussell . I've reworked the implementation based on your guidance, I hope this is more aligned with what you had in mind. |
wqxoxo
force-pushed
the
feat/strict-tables-security
branch
from
55927b7 to
eac29a0
Compare
wqxoxo
force-pushed
the
feat/strict-tables-security
branch
2 times, most recently
from
03dd29c to
03a2736
Compare
wqxoxo
added a commit
to wqxoxo/lightning
that referenced
this pull request
Nov 25, 2025
Enables STRICT tables in developer mode, but old databases (~2019) may have BLOB values in TEXT columns. Migration converts BLOB faildetail to TEXT with UTF-8 validation, NULLs invalid data. Also adds security pragmas in developer mode: trusted_schema=OFF, cell_size_check=ON, mmap_size=0, quick_check on startup. Fixes ElementsProject#7913, fixes migration failures in PR ElementsProject#8559. Changelog-Added: Database: SQLite STRICT tables in developer mode Changelog-Added: Database: Security pragmas in developer mode Changelog-Fixed: Database migration for old BLOB-typed faildetail values
wqxoxo
force-pushed
the
feat/strict-tables-security
branch
from
03a2736 to
878d7c7
Compare
wqxoxo
force-pushed
the
feat/strict-tables-security
branch
5 times, most recently
from
e6264a8 to
1c3cdc5
Compare
wqxoxo
force-pushed
the
feat/strict-tables-security
branch
from
1c3cdc5 to
18c0d94
Compare
wqxoxo
force-pushed
the
feat/strict-tables-security
branch
6 times, most recently
from
582a105 to
76d6d7c
Compare
wqxoxo
force-pushed
the
feat/strict-tables-security
branch
4 times, most recently
from
11edd24 to
64e0272
Compare
wqxoxo
force-pushed
the
feat/strict-tables-security
branch
from
64e0272 to
08154c5
Compare
wqxoxo
changed the title
wqxoxo
force-pushed
the
feat/strict-tables-security
branch
from
08154c5 to
1374314
Compare
Enables STRICT tables in developer mode, but old databases (~2019) may have BLOB values in TEXT columns. Migration converts BLOB faildetail to TEXT with UTF-8 validation, NULLs invalid data. STRICT is only applied to fresh databases; existing databases being upgraded skip STRICT to avoid type affinity issues with legacy data. Also adds security pragmas in developer mode: trusted_schema=OFF, cell_size_check=ON. Fixes ElementsProject#5390. Changelog-Added: Database: STRICT tables and security pragmas in developer mode Changelog-Fixed: Database migration for old BLOB-typed faildetail values
wqxoxo
force-pushed
the
feat/strict-tables-security
branch
from
1374314 to
2d8cca4
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Turns out old databases (~2019) can have BLOB values stuck in TEXT columns due to SQLite type affinity, so we can't just slap STRICT on existing tables. This adds STRICT to new CREATE TABLE statements in
--developermode, with a migration that cleans up the BLOB faildetail values in payments first. Also enablestrusted_schema=OFFandcell_size_check=ONwhile we're at it.For upgraded databases, STRICT is skipped entirely to avoid breaking legacy data.
Fixes #5390.