Understanding file permissions, sqlite, and wal-mode
βοΈDeno CLI
If I do
allow-read=mydb.sqlite3allow-read=mydb.sqlite3 and --allow-write=mydb.sqlite3--allow-write=mydb.sqlite3 it lets me connect to the database, and then the query to enable WAL can be issued, and it seems likely that it allows the .shm and .wal files to be created, which I think is fine. However this doc seems intended to be very comprehensive but seems not to mention this. https://docs.deno.com/runtime/fundamentals/security/#file-system-access Wondering if just this doc should be updated, and if there are likely any other exceptions to the policy applying just to the given files, and if --deny on the wal and shm files should result in node:sqlite refusing to connect, or if it can be started in a non-wal mode and not go into a wal mode, or if the user goes out of the way to deny that, that it should just be ignored.Deno
A guide to Deno's security model and permissions system. Learn about secure defaults, permission flags, runtime prompts, and how to safely execute code with granular access controls.
