Re: SQLite security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



You can use Mcrypt, OpenSSL or any other crypographic provider to encrypt
the information however for your application to be able to access the
information you would also have to store the encryption key, reducing the
protection offered.

Any PHP MySQL connection script has the DB password in it somewhere so this is not an issue I think.
phpMyAdmin allows you to put the password into a config file...
But you can't download a MySQL database by typing in a URL.


I think encryption for SQLite is essential for PHP. It makes it almost useless in a webscripting language.
Suppose you wanted to create an open source, easily portable, file based guestbook in PHP. I would never use SQLLite under the current circumstances... Although I would love to. It seems like the perfect solution.


But the database needs a password.... otherwise it is just too much of a security risk.

SQLite is intended for applications that need a database but don't need a
full fledged solution such as PostgreSQL

I can't think of one (1) web based application where I would recommend SQLite - if I can't specify a password for access.
Maybe for PHP-GTK, but that is not web based (and PHP is used a great deal for web scripting).


Remember regardless of the database you use if you are using a shared
hosting provider it is possible othere hosting clients will be able to
access your database regardless of the engine you use.

Shared hosting vulnerabilities have nothing to do with SQLite security.
phpMyAdmin seems to be a popular choice for MySQL admin and I reckon there must be a few people who use it in shared hosting situations.


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux