On 4/22/08, Thomas Robitaille <[EMAIL PROTECTED]> wrote:
> > Just because "apache" the user account on your computer can access the
> > db, doesn't mean apache the webserver is serving that file.
> >
> > My webserver runs as user "www"
> >
> > My db is under ~/Data/<website>/database.db owned by me, but chmod-ed to 666
> >
> > The webserver serves only files under ~/Sites/<website>/
>
> I understand what you mean, but if your database file is chmod-ed to 666,
> any other user logged in to your web server can edit it, correct? If you are
> the only user on your web server, then indeed placing it outside the web
> directory is enough, but what I am asking about is for cases when there are
> 100 or 1000 users that can all log in to the same web server.

Why on earth do your web users log on to your web server from any
interface other than the web? My web server is behind a firewall,
reachable only via ssh over vpn.

> Thomas
>
> > > Thomas
> > >
> > > On 22 Apr 2008, at 15:14, P Kishor wrote:
> > >
> > > > On 4/22/08, Thomas Robitaille <[EMAIL PROTECTED]> wrote:
> > > > > Hi everyone,
> > > > >
> > > > > I am in the process of setting up a forum which uses SQLite on a web
> > > > > server which has ~50 other users. I can create a directory for the
> > > > > sqlite database, which I chown to 'apache' (the user under which the
> > > > > web server is run). However, because the database is then writable by
> > > > > apache, could other users not potentially write web applications
> > > > > which could edit that database (and potentially remove all tables?).
> > > > > In MySQL for example, this is not a problem because of the different
> > > > > users/privileges, but what is the common way around this in SQLite?
> > > >
> > > > Nothing specific to SQLite, but common good web programming practice.
> > > > Don't keep the db in a web accessible path.
> > > >
> > > > My web root is /path/to/web/root/
> > > >
> > > > my db is in
> > > >
> > > > /a/totally/different/path/to/db

_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
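
Added example, not part of the thread: a small Python check for the two properties the messages above argue about, whether the SQLite file sits under the served directory and whether its mode (such as 666) lets any local account write to it. The function names and the temporary Sites/Data layout are assumptions constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_db_file(db_path, web_root):
    """Return a list of findings for an SQLite file on a multi-user host."""
    db = Path(db_path).resolve()
    root = Path(web_root).resolve()
    findings = []
    # Location: a database under the served tree can be fetched over HTTP.
    if db == root or root in db.parents:
        findings.append("inside-web-root")
    mode = db.stat().st_mode
    # Mode 666 sets the "other" write bit: any local account can modify it.
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    # SQLite creates its journal next to the database, so the directory
    # matters too: "other" write lets any account create files beside it.
    if db.parent.stat().st_mode & stat.S_IWOTH:
        findings.append("directory-world-writable")
    return findings


def build_sample_layout(base, db_mode, dir_mode=0o750):
    """Constructed layout mirroring the thread: Sites/ is served, Data/ is not."""
    site = Path(base) / "Sites" / "example"
    data = Path(base) / "Data" / "example"
    site.mkdir(parents=True)
    data.mkdir(parents=True)
    db = data / "database.db"
    db.write_bytes(b"")
    os.chmod(db, db_mode)    # explicit chmod, so the umask does not apply
    os.chmod(data, dir_mode)
    return db, site


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        db, site = build_sample_layout(tmp, 0o666)
        print(audit_db_file(db, site))
```

The check covers exposure to other login accounts only. It cannot see the case raised in the first message, where other users' web applications run under the same server account as the forum.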