On 4/22/08, Thomas Robitaille <[EMAIL PROTECTED]> wrote:
> Hi everyone,
>
>  I am in the process of setting up a forum which uses SQLite on a web
>  server which has ~50 other users. I can create a directory for the
>  sqlite database, which I chown to 'apache' (the user under which the
>  web server is run). However, because the database is then writable by
>  apache, could other users not potentially write web applications
>  which could edit that database (and potentially remove all tables?).
>  In MySQL for example, this is not a problem because of the different
>  users/privileges, but what is the common way around this in SQLite?

Nothing specific to SQLite, but common good web programming practice.
Don't keep the db in a web accessible path.

My web root is /path/to/web/root/

my db is in

/a/totally/different/path/to/db



-- 
Puneet Kishor http://punkish.eidesis.org/
Nelson Institute for Environmental Studies http://www.nelson.wisc.edu/
Open Source Geospatial Foundation (OSGeo) http://www.osgeo.org/
_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

Reply via email to