[development] SQLite and Drupal 7 -- third coming
Andrew Berry
andrewberry at sentex.net
Wed Feb 4 17:20:48 UTC 2009
On 4-Feb-09, at 12:00 PM, Morbus Iff wrote:
> This isn't on the same mentality/vein as "well, we have to *trust*
> that the MySQL database is secure too, don't we?", because databases
> almost always get their own username and password - but the Apache
> webserver is most often run as a single user, without suexec'ing.
Since the web server can read settings.php, presumably the SQL DB
password could be extracted as well. So the same user module attack
could be executed regardless of SQLite?
--Andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2672 bytes
Desc: not available
Url : http://lists.drupal.org/pipermail/development/attachments/20090204/6dab887f/attachment.bin
More information about the development
mailing list