Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:12294 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 7278 invoked by uid 1010); 23 Aug 2004 11:24:22 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 7217 invoked from network); 23 Aug 2004 11:24:21 -0000 Received: from unknown (HELO mail.zend.com) (80.74.107.235) by pb1.pair.com with SMTP; 23 Aug 2004 11:24:21 -0000 Received: (qmail 21015 invoked from network); 23 Aug 2004 11:24:20 -0000 Received: from localhost (HELO zeev-notebook.zend.com) (127.0.0.1) by localhost with SMTP; 23 Aug 2004 11:24:20 -0000 Message-ID: <5.1.0.14.2.20040823140825.05bd2dc0@localhost> X-Sender: zeev@localhost X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 23 Aug 2004 14:24:12 +0300 To: Adam Q Cc: internals@lists.php.net In-Reply-To: <0ADA645E-F4F3-11D8-AC67-0003939D6C78@westnet.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: Re: [PHP-DEV] SQLite security From: zeev@zend.com (Zeev Suraski) References: <0ADA645E-F4F3-11D8-AC67-0003939D6C78@westnet.com.au> At 13:56 23/08/2004, Adam Q wrote: >Dear all, >I feel I may have uncovered a potentially large difficulty for the >adoption of SQLite. > >I think encryption for SQLite is essential for PHP. Without it, it makes >it almost useless in a webscripting language. Why is that? You would have to gain file-level access on the server in order to read any data. With properly set permissions and reasonable security, that shouldn't be possible. I think that most database setups in general don't keep their information encrypted, and the reasons they use username/password pairs is mainly because (a) they're designed to serve multiple users (at the OS level) on the same machine, and (b) they're designed to be accessed over the network. Do you have some specific concern in mind? Zeev