Thanks for your reply! However, apache has to be able to access /a/ totally/different/path/to/db, so this means that any user on the same server can access it via e.g. a PHP web page, if they know that path, is that correct?
Thomas On 22 Apr 2008, at 15:14, P Kishor wrote: > On 4/22/08, Thomas Robitaille <[EMAIL PROTECTED]> wrote: >> Hi everyone, >> >> I am in the process of setting up a forum which uses SQLite on a web >> server which has ~50 other users. I can create a directory for the >> sqlite database, which I chown to 'apache' (the user under which the >> web server is run). However, because the database is then >> writable by >> apache, could other users not potentially write web applications >> which could edit that database (and potentially remove all tables?). >> In MySQL for example, this is not a problem because of the different >> users/privileges, but what is the common way around this in SQLite? > > Nothing specific to SQLite, but common good web programming practice. > Don't keep the db in a web accessible path. > > My web root is /path/to/web/root/ > > my db is in > > /a/totally/different/path/to/db > > > > -- > Puneet Kishor http://punkish.eidesis.org/ > Nelson Institute for Environmental Studies http://www.nelson.wisc.edu/ > Open Source Geospatial Foundation (OSGeo) http://www.osgeo.org/ > _______________________________________________ > sqlite-users mailing list > sqlite-users@sqlite.org > http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
