On 21 Dec 2010, at 1:44pm, Philip Graham Willoughby wrote: > Implementing an SQLite-based server does not obviously enable this in and of > itself. If you could open a database on a remote machine using its filename > as the OP was trying to do it would enable this, but we got into this > discussion when it was discovered that doing so was a bad idea.
This was my first thought when I considered implementing an SQLite-over-IP protocol: that there was no user model and therefore no need for passwords. Mounting a database on the server would mean that anyone who knew your IP address, port number and database name could access the data. So my conclusion was that you would need to implement, in the first case, a simple user privilege model, nominating which users (or which IP addresses) could access which databases. Just to throw into the pot: It's not that hard to do an extremely simple version of this using HTTP and either XML or JSON. Set up a web server with some PHP or Python pages which take the following parameters: databasename command You call up the right web page with the right values for the parameters, either as a GET or a PUT. One web page just executes the command and returns a result code, result message, etc., in either XML or JASON, depending on what the programmer likes best. A different web page is for executing SELECTs (or some PRAGMAs) and returns the above plus a table of results. On the server set up an authentication database with a table with the following columns IPAddress database and have your code check it to see that the requester should have access to that database. Anything else is gravy. Most of the tricky programming will be doing HTMLEntity conversion, and checking for injection exploits. Simon. _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users