Sqlite password protect file???

itsallgood

Hi guys,

I'm just getting started with sqlite - i like the idea of everything being stored in a single file.

The problem is... i'm worried about security - i notice anyone can download your database file, so i fixed this using htaccess, but i would also like to password protect the file.

The option is avialble in the software i used to create the sqlite 3 file - database.db3

But the php i'm using to open/use the database dosnt seem to have the option to take the password:

try {
    $db = new PDO("sqlite:database.db3");
    }
catch(PDOException $e)
    {
    echo $e->getMessage();
    }

This works fine if the database has no password - but i would really like to enabled an encryption password on my file.

Thanks for the help!

laserlight

Keep the SQLite database file outside of your document root (a.k.a. public html) directory.

itsallgood

thanks laserlight, but thats not really possible for what i'm doing.

Is there no way to enter the sqlite password using php and PDO???

Thanks again for the help!

Regards,

laserlight

itsallgood wrote:
Is there no way to enter the sqlite password using php and PDO???

SQLite does not have any access control other than what is provided by the filesystem, or otherwise externally provided.

itsallgood

laserlight;10966521 wrote:
SQLite does not have any access control other than what is provided by the filesystem, or otherwise externally provided.

When i create my sqlite database - i get the option of setting a database password.

So at the moment - it is not possible to upload this password protected database, and use it with PHP and PDO 😕

That is sad, as sqlite seemed really great - but having no real security when the database is stored in the public html isnt very good.

I read that PDO is now the best way to work with sqlite files, but the php site also shows this as a way of opening the sqlite databases, and it allows for an encryption key / password: (LINK TO PHP SQLite page)

public bool SQLite3::open ( string $filename [, int $flags = SQLITE3_OPEN_READWRITE | SQLITE3_OPEN_CREATE [, [B]string $encryption_key [/B]]] )

laserlight

itsallgood wrote:
When i create my sqlite database - i get the option of setting a database password.

Sure, but what exactly is the significance of this password is anyone's guess since you did not provide any details as to what is this software that you used to work with your SQLite databases.

itsallgood wrote:
So at the moment - it is not possible to upload this password protected database, and use it with PHP and PDO

As far as I can tell: yes.

itsallgood wrote:
That is sad, as sqlite seemed really great - but having no real security
when the database is stored in the public html isnt very good.

It is sad that you are unable to store your database file outside of the public html directory.

itsallgood wrote:
I read that PDO is now the best way to work with sqlite files, but the php site also shows this as a way of opening the sqlite databases, and it allows for an encryption key / password:

My guess is that this is to cater for the encryption extension of SQLite. However, this extension is not available for free. However, even if you are able to use this, you still have the risk that if the webserver fails to have your PHP scripts interpreted for some reason, it may be possible to obtain the secret key for decryption, along with your database file, since they are all stored in the public html directory.