Adam Q <[EMAIL PROTECTED]> writes:

> I think encryption for SQLite is essential for PHP. Without it, it makes it
> almost useless in a webscripting language.  Suppose you wanted to create an
> open source, easily portable, file based guestbook in PHP. I would never use
> SQLite under the current circumstances... Although I would love to. It
> seems like the perfect solution.
>
> The database needs a password.... otherwise it is just too much of a
> security risk.

Others have commented on where the database should (or shouldn't) be located
to avoid these problems.  If the server environment is so inadequately
maintained as to put database files in locations where they might be
downloaded, then I would contend that it would not be a difficult job to
manage to download the PHP or other data file which contains the username
and/or password that would be used to access the database.  If the database is
encrypted, there must be authentication information available to the script
that's going to access the database.  That's just as insecure.

If you really want an SQLite database to be encrypted, the author of SQLite,
D. Richard Hipp, has a non-free (one-time royalty, I believe) enhancement to
add that feature.  You can find his email address at the sqlite site,
http://www.sqlite.org

Derrell

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
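
The reply above turns on where the database file lives. As an added example that is not part of the original message, this Python sketch audits a document root for SQLite files by their header bytes, so a database hidden behind an unrelated extension is still found. The directory layout and file names are constructed for the demonstration.

```python
import os
import sqlite3
import tempfile

# On-disk signatures: SQLite 3, and the older SQLite 2 text header.
MAGICS = (b"SQLite format 3\x00", b"** This file contains an SQLite 2")

def is_sqlite_file(path):
    """True if the file starts with a known SQLite header."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(48)
    except OSError:
        return False
    return head.startswith(MAGICS)

def exposed_databases(docroot):
    """List SQLite files stored under the web-served tree, whatever their extension."""
    root = os.path.realpath(docroot)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and is_sqlite_file(path):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def demo():
    """Build a constructed site layout (hypothetical names) and audit it."""
    base = tempfile.mkdtemp()
    docroot = os.path.join(base, "htdocs")   # served by the web server
    private = os.path.join(base, "data")     # outside the served tree
    os.makedirs(os.path.join(docroot, "guestbook"))
    os.makedirs(private)
    for db in (os.path.join(docroot, "guestbook", "entries.inc"),
               os.path.join(private, "entries.db")):
        con = sqlite3.connect(db)
        con.execute("CREATE TABLE entry (name TEXT, message TEXT)")
        con.commit()
        con.close()
    with open(os.path.join(docroot, "index.php"), "w") as fh:
        fh.write("<?php /* constructed page */ ?>")
    return exposed_databases(docroot)

if __name__ == "__main__":
    for rel in demo():
        print("database inside document root:", rel)
```

Only the copy under the served tree is reported; the one in the sibling `data` directory is the placement the reply argues for.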
