Page 1 of 1

Crypt sqlite wit phpliteadmin

Posted: Thu Apr 25, 2013 9:00 pm
by Disaster.net
Hallo.

Sorry for this message..
i'm a PHP-Sqlite user and i find your projec perfect for manage data in php-sqlite projectts during develop..

my problems start if think that the projects can go out from my pc, in a server... in example (i'm developing short program foor manage associations)
the problem is that SQLITE is complitely without security and/or encription....

did you think possible integrate phpliteadmin with encription code like securesqlite.class.php ??

did you think posseble create an encription module to add in PHP projects for use encripted SqLite dbases ??

tnks iin advice
FLavio fom Italy
disaster.net@gmail.com

Re: Crypt sqlite wit phpliteadmin

Posted: Thu Apr 25, 2013 10:36 pm
by Christopher
Hey,

on a public server, protection of your sqlite database should not start with encryption but rather with restriction of access to the sqlite db file itself. It should not be possible at all to download the sqlite db file. You can easily achieve this by configuring your webserver correctly. For example, you can store your sqlite file in a directory that is protected by (Basic) HTTP Auth (.htaccess protection). Or you could configure your server so that it does not allow access to files with a certain file extension (just ask if you don't know how to do this).
Of course you can also move the file out of the webserver's docroot, but this is only possible if you have sufficient access rights on the server (which you usually only have if it's a vServer or root-server).

Encrypting the db does not add security if you later store the key in some php-file. If the webserver is configured as described above, a php-file is not more secure to be read then a sqlite db. Encryption only adds a level of security if you request the key from the user and don't store it on disk. If you do this, then encryption can really make sense. As far as I know, sqlite v3 offers some encryption mechanism, and it was once planned for phpLiteAdmin. But there is no issue for it yet, it is only mentioned in the roadmap. If you think it's a useful feature, please open a new issue here.

Greetings,
Christopher

Re: Crypt sqlite wit phpliteadmin

Posted: Wed Mar 11, 2015 7:05 am
by amal
But these are things you usually don't do ;)