SQLite security

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
greyhoundcode
Forum Regular
Posts: 613
Joined: Mon Feb 11, 2008 4:22 am

SQLite security

Post by greyhoundcode »

If I am compelled to use SQLite3 rather than MySQL, what can I do to secure the database file's contents?

And, from a performance perspective, would it be better to encrypt the whole file (assuming that's a possibility) then decrypt each time I want to read the contents, or would it be better to encrypt/decrypt on a field by field basis?

Thanks for any help, or for pointers to external references.
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: SQLite security

Post by kaisellgren »

greyhoundcode wrote:If I am compelled to use SQLite3 rather than MySQL, what can I do to secure the database file's contents?

And, from a performance perspective, would it be better to encrypt the whole file (assuming that's a possibility) then decrypt each time I want to read the contents, or would it be better to encrypt/decrypt on a field by field basis?

Thanks for any help, or for pointers to external references.
Store the file outside the public folder. If someone can access it, he would have a complete filesystem access in which case it does not matter if he can read your database.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: SQLite security

Post by Christopher »

As kaisellgren says, you should protest the file like you would protect any file on your server. If you cannot secure the filesystem then encrypting/decrypting will not be much use -- because if they can read the file, they can read your code.
(#10850)
Post Reply