One thing that concerned me about using an Sqlite database on a website was security. An Sqlite database is a single file. The only security is has is based on file system security, which makes it subject to compromise when kept in a section of the file system open to the world, like your web folder.
I thought about putting it outside the webfolder, but haven't been able to figure out how. The examples I found on the web were on the order of storing it in
$_SERVER['DOCUMENT_ROOT'] . '/../database.sqlite'
where database.sqlite is the name of your database. This essentially stores the database in a directory one level above the web directory.
However, all hosts, including mine, apparently, don't allow data files to be stored outside the web directory, at least for subdomains.
My second thought was to deny access through the htaccess file. I found this configuration, which should do the trick:
<Files ~".ext">
Order deny,allow
deny from all
</Files>
Here ext is the extension with which you have named your Sqlite database. This can be used on any host that allows per-directory htaccess files.
...Security II">Sqlite Web Security II Posted by rick on January 31, 2008 A couple of days ago, in Sqlite Web Security, I said I didn't see how to move an SQLite database out of the web directory. I feel dumb, because ...
...Security II">Sqlite Web Security II Posted by rick on January 31, 2008 A couple of days ago, in Sqlite Web Security, I said I didn't see how to move an SQLite database out of the web directory. I feel dumb, because ...