4 Feb
2009
4 Feb
'09
6:55 p.m.
From a security point of view, any time the web server process has write access to any directory or file, it makes me nervous. For this SQLite scheme to work, obviously the web server process will have to be able to create and update the file in which the SQLite database resides. This seems like it provides another possible vector for exploits. Tell me how we will protect against such attacks.
I find your lack of faith disturbing :P For two months I am aware http://drupal.org/node/332303#comment-1145308 of this problem and I have only brought the question of SQLite to the greater public now that I have http://drupal.org/node/367660 a solution.