I was wondering if someone can just download off my webpage the sqlite database.
And if they can is there a way to block this type of download throw apache?
Don't put the SQLite database in an apache web site directory..
This is easily done if you run your own web server or with some of the better web hosting companies, but with a basic 'home page' hosting service, it might not be possible.
If you can only upload to a single directory structure which contains your website, but you can modify the .htaccess file freely, then there are a few options
1) Prevent access to the database directory
Put the database in its own directory Make a .htaccess file in that directory. Add the following line to it:
deny from all
2) Redirect access to the database
Add to your .htaccess file in the folder where the database lives: Redirect mydatabase.db http://www.mysite.com/index.php
This will make Apache redirect any attempts to download 'mydatabase.db' to the page 'http://www.mysite.com/index.php'
(Test these two options before you rely on them!)
If you can't modify .htaccess (or only modify it in a limited way) , then you'll be stuck with 'hiding' the database (eg have it so it could be downloaded from http://www.mysite.com/gwegwedh9874y634nvf7fv/rojr8astasdug4/gfw07y32t23h3.jeg
(note that the file extension doesn't need to be .db) Yes, this is security by obscurity, which isn't great, but it'll be reasonably effective, as long as the path to your database isn't shown in the downloadable website page source anywhere...
Paul VPOP3 - Internet Email Server/Gateway [EMAIL PROTECTED] http://www.pscs.co.uk/
