From a security point of view, any time the web server process has write access to any directory or file, it makes me nervous. For this SQLite scheme to work, obviously the web server process will have to be able to create and update the file in which the SQLite database resides. This seems like it provides another possible vector for exploits. Tell me how we will protect against such attacks.
This brings up a good point, I believe. One potential avenue would be a webuser rewriting the file to point to a different directory for, say, the user.module, and then capturing all entered passwords in his own custom code. This isn't on the same mentality/vein as "well, we have to *trust* that the MySQL database is secure too, don't we?", because databases almost always get their own username and password - but the Apache webserver is most often run as a single user, without suexec'ing.

--
Morbus Iff ( *splutch* ... /me respawns )
Technical: http://www.oreillynet.com/pub/au/779
Enjoy: http://www.disobey.com/ and http://www.videounderbelly.com/
aim: akaMorbus / skype: morbusiff / icq: 2927491 / jabber.org: morbus
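Added example, not part of the original thread or the project's code: a defender-side check for the tampering described above, which reads the module path records out of the SQLite file and flags any entry that loads code from outside the expected directories. The table name `module_registry`, its columns, and the allowed directory list are assumptions made for illustration; such a check is meant to run under an account other than the web server's.

```python
import sqlite3
from pathlib import PurePosixPath

# Assumption: directories from which module code may legitimately load.
ALLOWED_ROOTS = (PurePosixPath("modules"), PurePosixPath("sites/all/modules"))


def is_trusted_path(filename: str) -> bool:
    """True if filename is a relative path that stays inside an allowed root."""
    path = PurePosixPath(filename)
    # Absolute paths and parent-directory hops can escape the code tree.
    if path.is_absolute() or ".." in path.parts:
        return False
    return any(root in path.parents for root in ALLOWED_ROOTS)


def find_redirected_modules(conn: sqlite3.Connection) -> list[tuple[str, str]]:
    """Return (name, filename) rows whose code path leaves the allowed roots."""
    # module_registry(name, filename) is a hypothetical schema for this example.
    rows = conn.execute("SELECT name, filename FROM module_registry ORDER BY name")
    return [(name, fn) for name, fn in rows if not is_trusted_path(fn)]


def build_sample_db() -> sqlite3.Connection:
    """Constructed sample data: one clean row and two tampered rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE module_registry (name TEXT PRIMARY KEY, filename TEXT)")
    conn.executemany(
        "INSERT INTO module_registry VALUES (?, ?)",
        [
            ("node", "modules/node.module"),
            ("user", "/tmp/upload/user.module"),
            ("filter", "modules/../files/filter.module"),
        ],
    )
    return conn


if __name__ == "__main__":
    for name, filename in find_redirected_modules(build_sample_db()):
        print(f"ALERT: {name} loads from untrusted path {filename}")
```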