LinuxQuestions.org
Help answer threads with 0 replies.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page SQLite database security - doesn't exist?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-29-2005, 09:29 PM   #1
vharishankar
Senior Member
 
Registered: Dec 2003
Distribution: Debian
Posts: 3,178
Blog Entries: 4

Rep: Reputation: 138Reputation: 138
SQLite database security - doesn't exist?

How do I make a secure database in SQLite?

For instance. If I want to write to a SQLite db file, then I need to make the directory writable.

On the other hand, they say that you should not put the database in the webroot directory.

But even if I put the database in any other directory, I still need to give write access to that directory to allow apps to read and write to the database. Isn't that a kind of "chicken and egg" problem?

It's confusing the hell out of me.

IS there *ANY* way to write a secure SQLite application or simply forget the idea and go with MySQL or other?

Any help will be welcome.
 
Old 11-30-2005, 01:49 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
You shouldn't need to make the directory writable, it should just need to be the file. SQLite uses filesystem permissions for security which should be at least as strong if not stronger than other authentication. You are correct about keeping it out of your webspace though, unless you want people to download it ofcourse.
 
Old 11-30-2005, 08:40 PM   #3
vharishankar
Senior Member
 
Registered: Dec 2003
Distribution: Debian
Posts: 3,178

Original Poster
Blog Entries: 4

Rep: Reputation: 138Reputation: 138
Quote:
SQLite uses filesystem permissions for security which should be at least as strong if not stronger than other authentication. You are correct about keeping it out of your webspace though, unless you want people to download it ofcourse.
I tried making the file writable and the directory non-writable. It doesn't work. I get a error whenever I try to update the database.

Of course, I have found a way out: Keep the db in a separate folder, use .htaccess to deny permissions to that folder and it works now.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
does database oriented file manager exist? GuodMan Linux - Software 3 05-05-2005 01:39 PM
MYSQL paranoia security prohibits PHP to use database ? Dark Carnival Debian 1 01-08-2005 10:33 AM
SQLite database backup ddpicard Linux - Software 2 11-01-2004 06:54 PM
Database Security anirudh Programming 4 10-28-2004 12:01 PM
Security idea, does it exist somewhere already? bobtmasse Linux - Security 3 12-18-2003 11:17 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:29 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration