On 4/22/08, Thomas Robitaille <[EMAIL PROTECTED]> wrote: > Hi everyone, > > I am in the process of setting up a forum which uses SQLite on a web > server which has ~50 other users. I can create a directory for the > sqlite database, which I chown to 'apache' (the user under which the > web server is run). However, because the database is then writable by > apache, could other users not potentially write web applications > which could edit that database (and potentially remove all tables?). > In MySQL for example, this is not a problem because of the different > users/privileges, but what is the common way around this in SQLite?
Nothing specific to SQLite, but common good web programming practice. Don't keep the db in a web accessible path. My web root is /path/to/web/root/ my db is in /a/totally/different/path/to/db -- Puneet Kishor http://punkish.eidesis.org/ Nelson Institute for Environmental Studies http://www.nelson.wisc.edu/ Open Source Geospatial Foundation (OSGeo) http://www.osgeo.org/ _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
