I would like to use an SQLite DB for the prefs for an open source PHP project, but I can't find any way to be sure the DB file is going to be secure... Is it possible to encrypt a SQLite DB file?

With the current setup, if I include a .htaccess for the DB dir, this will only work for Apache - not IIS.
I know I can include a warning about how important it is to place the files outside the HTTP directory tree and .htaccess files are good, but it is just too easy to download an SQLite DB... I can't really see any PHP use that would be OK for this really.
if I put the db file "SQLITE.DB" into /www/db
Anybody can d/l it by typing

I though I might even be able to prevent d/l by naming the DB file with a "." at the start but it makes do difference.

... and if the project is open source it is just too much of a security risk as everybody knows where the file is going to be on a default installation.

Otherwise I'm stuck with the standard PHP prefs file "confing.inc.php" (- which is safe from prying eyes):
if (defined("correct_entry_point")) {
my_pref[1] = "lots of good stuff";

But updating this on pref changes is no fun compared to SQLite....


Please somebody tell me I'm wrong,

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to