> Just because "apache" the user account on your computer can access the
> db, doesn't mean apache the webserver is serving that file.
>
> My webserver runs as user "www"
>
> My db is under ~/Data/<website>/database.db owned by me, but chmod-ed
> to 666
>
> The webserver serves only files under ~/Sites/<website>/

I understand what you mean, but if your database file is chmod-ed to  
666, any other user logged in to your web server can edit it,  
correct? If you are the only user on your web server, then indeed  
placing it outside the web directory is enough, but what I am asking  
about is for cases when there are 100 or 1000 users that can all log  
in to the same web server.

Thomas

>
>
>
>>
>>  Thomas
>>
>>
>>  On 22 Apr 2008, at 15:14, P Kishor wrote:
>>
>>
>>>
>>> On 4/22/08, Thomas Robitaille <[EMAIL PROTECTED]> wrote:
>>>
>>>> Hi everyone,
>>>>
>>>>  I am in the process of setting up a forum which uses SQLite on a web
>>>>  server which has ~50 other users. I can create a directory for the
>>>>  sqlite database, which I chown to 'apache' (the user under which the
>>>>  web server is run). However, because the database is then writable by
>>>>  apache, could other users not potentially write web applications
>>>>  which could edit that database (and potentially remove all tables?).
>>>>  In MySQL for example, this is not a problem because of the different
>>>>  users/privileges, but what is the common way around this in SQLite?
>>>>
>>>
>>> Nothing specific to SQLite, but common good web programming practice.
>>> Don't keep the db in a web accessible path.
>>>
>>> My web root is /path/to/web/root/
>>>
>>> my db is in
>>>
>>> /a/totally/different/path/to/db
>>>
>>>
>>>
>>> --
>>> Puneet Kishor http://punkish.eidesis.org/
>>> Nelson Institute for Environmental Studies http://www.nelson.wisc.edu/
>>> Open Source Geospatial Foundation (OSGeo) http://www.osgeo.org/
>>> _______________________________________________
>>> sqlite-users mailing list
>>> sqlite-users@sqlite.org
>>> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
>>>
>>
>>
>
>
> -- 
> Puneet Kishor http://punkish.eidesis.org/
> Nelson Institute for Environmental Studies http://www.nelson.wisc.edu/
> Open Source Geospatial Foundation (OSGeo) http://www.osgeo.org/

_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
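
An added example, not part of the thread and not written by its participants: a Python check for the conditions discussed above (a database inside the web root, a world-writable file such as one chmod-ed to 666, a world-writable directory). The name `audit_db`, the finding labels and the temporary directory layout are constructed for illustration, and the 660/770 modes assume the file owner and the web server account share a group.

```python
import os
import stat
import tempfile


def audit_db(db_path, web_root):
    """Return findings for a SQLite database file on a shared web host."""
    findings = []
    db = os.path.realpath(db_path)
    root = os.path.realpath(web_root)
    # A database under the document root can be downloaded as a static file.
    if os.path.commonpath([db, root]) == root:
        findings.append("inside-web-root")
    mode = stat.S_IMODE(os.stat(db).st_mode)
    if mode & stat.S_IWOTH:
        findings.append("world-writable")   # e.g. 666: any login user can edit it
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    # Write access to the directory allows creating files next to the database
    # and, unless the sticky bit is set, deleting or replacing the database.
    dir_mode = stat.S_IMODE(os.stat(os.path.dirname(db)).st_mode)
    if dir_mode & stat.S_IWOTH:
        findings.append("directory-world-writable")
    return findings


def demo():
    """Constructed layout mirroring the thread: ~/Data/<website>/database.db."""
    with tempfile.TemporaryDirectory() as home:
        data = os.path.join(home, "Data", "website")
        site = os.path.join(home, "Sites", "website")
        os.makedirs(data)
        os.makedirs(site)
        os.chmod(data, 0o755)
        db = os.path.join(data, "database.db")
        open(db, "wb").close()
        os.chmod(db, 0o666)                 # the mode quoted in the thread
        before = audit_db(db, site)
        # Assumption (not from the thread): owner and web server share a group.
        os.chmod(db, 0o660)
        os.chmod(data, 0o770)
        after = audit_db(db, site)
        return before, after


if __name__ == "__main__":
    print(demo())
```

Tightening the mode bits only addresses other login users; it does not separate web applications that all run under the same web server account, which is the case raised in the original question.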
