Feature or enhancement

Python's SQLite bindings should exposesqlite3_db_config and at leastSQLITE_DBCONFIG_DEFENSIVE (or an idiomatic version of the same)

Pitch

The libsqlite3.dylib built into Darwin enables defensive mode by default for all connections in processes linked on or after macOS 11 Big Sur as a mitigation layer against the general class of security vulnerabilities that can be exploited with pure SQL, but it's still useful to be able to disable it when using certain tools (likesqlite-utils). Conversely, developers may find it useful to be able to enable defensive mode on other platforms when opening a database with an untrusted schema, or executing untrusted SQL statements from remote sources.

Previous discussion

This was prompted by abrief discussion on Mastodon with@erlend-aasland

Linked PRs

• gh-103489: Add get/set config methods to sqlite3.Connection #103506