Crypt sqlite wit phpliteadmin

Everything that does not fit anywhere else.
Forum rules
Preferred language of discussion is English so most users can profit from your threads, but German is okay as well.

Bevorzugte Sprache ist Englisch, damit möglichst viele Nutzer von den Threads profitieren können, aber Deutsch wird auch akzeptiert.
Post Reply
Disaster.net

Crypt sqlite wit phpliteadmin

Post by Disaster.net » Thu Apr 25, 2013 9:00 pm

Hallo.

Sorry for this message..
i'm a PHP-Sqlite user and i find your projec perfect for manage data in php-sqlite projectts during develop..

my problems start if think that the projects can go out from my pc, in a server... in example (i'm developing short program foor manage associations)
the problem is that SQLITE is complitely without security and/or encription....

did you think possible integrate phpliteadmin with encription code like securesqlite.class.php ??

did you think posseble create an encription module to add in PHP projects for use encripted SqLite dbases ??

tnks iin advice
FLavio fom Italy
disaster.net@gmail.com

Christopher
Site Admin
Posts: 160
Joined: Sat Mar 03, 2012 10:30 pm
Location: Germany

Re: Crypt sqlite wit phpliteadmin

Post by Christopher » Thu Apr 25, 2013 10:36 pm

Hey,

on a public server, protection of your sqlite database should not start with encryption but rather with restriction of access to the sqlite db file itself. It should not be possible at all to download the sqlite db file. You can easily achieve this by configuring your webserver correctly. For example, you can store your sqlite file in a directory that is protected by (Basic) HTTP Auth (.htaccess protection). Or you could configure your server so that it does not allow access to files with a certain file extension (just ask if you don't know how to do this).
Of course you can also move the file out of the webserver's docroot, but this is only possible if you have sufficient access rights on the server (which you usually only have if it's a vServer or root-server).

Encrypting the db does not add security if you later store the key in some php-file. If the webserver is configured as described above, a php-file is not more secure to be read then a sqlite db. Encryption only adds a level of security if you request the key from the user and don't store it on disk. If you do this, then encryption can really make sense. As far as I know, sqlite v3 offers some encryption mechanism, and it was once planned for phpLiteAdmin. But there is no issue for it yet, it is only mentioned in the roadmap. If you think it's a useful feature, please open a new issue here.

Greetings,
Christopher
I try to support my users as best as I can.
Please support me and CrazyStat in return. Thanks.

amal
Posts: 1
Joined: Wed Mar 11, 2015 7:03 am

Re: Crypt sqlite wit phpliteadmin

Post by amal » Wed Mar 11, 2015 7:05 am

But these are things you usually don't do ;)
amal

Post Reply