Here is the simple truth, if you are using a shared hosting solution that is not VPS (Virtual Private Server) it would be relatively trivial for other users of the system to access any file that the webserver has access to. Now, because webserver will need access privileges to various PHP configuration file that means that those users can read then and consequently grab your passwords.
The only exception to this rule being if PHP is used as CGI or a separate Apache process is running for each user. In this case given proper file permissions (Ex. 0600) it would be nearly impossible for other users of the system to read yourfiles without 1st gaining root access on the machine. An Sqlite database is nothing more then a binary file, and you should treat it such. If you do not want to have people being able to download it, do not put it inside a web accessible directory. Another trick you can do is to give your sqlite database a .php extension and create a table that would cause PHP to generate a parse error when trying to send the database to the user. Ex. create table '<?php' (a); This will make it impossible for people to download the data inside your database. Ilia -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
