CSS Codes
CSS Layouts
Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: Protecting a SQLite database file

  1. 02-10-2007, 02:15 AM #11
    mburt's Avatar
    mburt
    mburt is offline Elite Coders
    Join Date
    Jul 2006
    Location
    Canada
    Posts
    2,581
    Thanks
    13
    Thanked 28 Times in 28 Posts

    Default

    Pfft... screw that, just encrypte the stored data (passwords for example). If someone does hack it, they won't know what encrypted it, so it would be impossible to reverse.
    - Mike
    Reply With Quote Reply With Quote
  2. 02-10-2007, 02:53 AM #12
    blm126's Avatar
    blm126
    blm126 is offline Senior Coders
    Join Date
    Sep 2005
    Posts
    882
    Thanks
    0
    Thanked 3 Times in 3 Posts

    Default

    Quote Originally Posted by Twey View Post
    Move the file out of the web root.
    I thought of this, but was hoping someone would know of an easier way. When the code is deployed on a couple different servers, it gets annoying to have to change the SQLite file path.
    Quote Originally Posted by Twey View Post
    Another option (best used in tandem with moving it out of the web root) is to encrypt the file in some manner
    The passwords are already encrypted with md5, are you talking about encrypting everything. I can imagine that would cause a performance hit.

    Quote Originally Posted by mburt View Post
    Pfft... screw that, just encrypte the stored data (passwords for example). If someone does hack it, they won't know what encrypted it, so it would be impossible to reverse.
    Not really. It wouldn't take them long to realize it is a PHP script, and that there aren't that many reversible encryption schemes out there for PHP, and I don't have the knowledge to write my own.

    Since I stick to Apache servers could .htaccess be used? I'm not sure how.
    Reply With Quote Reply With Quote
  3. 02-10-2007, 03:20 AM #13
    Twey's Avatar
    Twey
    Twey is offline Modtoreador
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    I thought of this, but was hoping someone would know of an easier way. When the code is deployed on a couple different servers, it gets annoying to have to change the SQLite file path.
    You could also put it in a directory under the web root without read or execute privileges, and take those privileges from the file itself too.
    The passwords are already encrypted with md5, are you talking about encrypting everything. I can imagine that would cause a performance hit.
    I was, and it would.
    there aren't that many reversible encryption schemes out there for PHP
    There are plenty.
    Since I stick to Apache servers could .htaccess be used? I'm not sure how.
    Yes, you could:
    Code:
    <Files mydatabase.db>
  Deny From All
</Files>
    ... or similar.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!
    Reply With Quote Reply With Quote
  4. 02-10-2007, 05:32 PM #14
    blm126's Avatar
    blm126
    blm126 is offline Senior Coders
    Join Date
    Sep 2005
    Posts
    882
    Thanks
    0
    Thanked 3 Times in 3 Posts

    Default

    Quote Originally Posted by Twey View Post
    :
    Code:
    <Files mydatabase.db>
  Deny From All
</Files>
    ... or similar.
    Thanks Twey, that's perfect.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules