Protecting a SQLite database file

[blm126]

So, how would you go about protecting a SQLite database file. I'm working on a couple PHP scripts using SQLite, and I'm not sure how to protect the database. It seems to me that someone could download the file since it is the directory right next to the script. How do I prevent this?

[mburt]

Make an index.php for that folder and set your condition.
For example:

Code:

if ($_GET["key"] != "randomstringhere") {
dostuffhere();
}

I do it for redirections on my site if someone puts in a wrong page address.

[Twey]

Move the file out of the web root.

[boxxertrumps]

Why would it be in the web root in the first place? SQL files are in the MySQL/Other database's directory by default.

[Twey]

Not MySQL, boxxertrumps. SQLite.

SQLite databases consist of a single file, no server, and can be placed wherever they're needed.

[mburt]

Yup... in fact, I have no idea where my MySql path is. That is a plus for SqlLite, but also a fault because of the security leak.

[thetestingsite]

It's only a real security leak if the data is stored in the root directory (or one accessible from the web). If it was stored even one level higher than the web directory, it would be safer.

[mburt]

Yeah, I know. But it's still on the web one way or another. Get some super hacker and see how far she/he goes with it

[Twey]

Another option (best used in tandem with moving it out of the web root) is to encrypt the file in some manner.

Yeah, I know. But it's still on the web one way or another.

Not really. It's on a server that's connected to the Internet, certainly, but it's not on the Web, per se. Besides, so is any database. It's remarkably tricky to return data when requested without storing said data

[thetestingsite]

Yea, maybe make up some kind of encryption/decryption method in one of the scripts used to access the data. That should be fairly easy (or extremely complex) depending on how you do it.