On 4/22/08, Thomas Robitaille <[EMAIL PROTECTED]> wrote: > Thanks for your reply! However, apache has to be able to access > /a/totally/different/path/to/db, so this means that any > user on the same server can access it via e.g. a PHP web page, if they know > that path, is that correct?
Just because "apache" the user account on your compute can access the db, doesn't mean apache the webserver is serving that file. My webserver runs as user "www" My db is under ~/Data/<website>/database.db owned by me, but chmod-ed to 666 The webserver serves only files under ~/Sites/<website>/ > > Thomas > > > On 22 Apr 2008, at 15:14, P Kishor wrote: > > > > > > On 4/22/08, Thomas Robitaille <[EMAIL PROTECTED]> wrote: > > > > > Hi everyone, > > > > > > I am in the process of setting up a forum which uses SQLite on a web > > > server which has ~50 other users. I can create a directory for the > > > sqlite database, which I chown to 'apache' (the user under which the > > > web server is run). However, because the database is then writable by > > > apache, could other users not potentially write web applications > > > which could edit that database (and potentially remove all tables?). > > > In MySQL for example, this is not a problem because of the different > > > users/privileges, but what is the common way around this in SQLite? > > > > > > > Nothing specific to SQLite, but common good web programming practice. > > Don't keep the db in a web accessible path. > > > > My web root is /path/to/web/root/ > > > > my db is in > > > > /a/totally/different/path/to/db > > > > > > > > -- > > Puneet Kishor http://punkish.eidesis.org/ > > Nelson Institute for Environmental Studies http://www.nelson.wisc.edu/ > > Open Source Geospatial Foundation (OSGeo) http://www.osgeo.org/ > > _______________________________________________ > > sqlite-users mailing list > > sqlite-users@sqlite.org > > > http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users > > > > -- Puneet Kishor http://punkish.eidesis.org/ Nelson Institute for Environmental Studies http://www.nelson.wisc.edu/ Open Source Geospatial Foundation (OSGeo) http://www.osgeo.org/ _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
