[development] SQLite and Drupal 7 -- third coming

Andrew Berry andrewberry at sentex.net
Wed Feb 4 17:20:48 UTC 2009


On 4-Feb-09, at 12:00 PM, Morbus Iff wrote:

> This isn't on the same mentality/vein as "well, we have to *trust*  
> that the MySQL database is secure too, don't we?", because databases  
> almost always get their own username and password - but the Apache  
> webserver is most often run as a single user, without suexec'ing.

Since the web server can read settings.php, presumably the SQL DB  
password could be extracted as well. So the same user module attack  
could be executed regardless of SQLite?

--Andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2672 bytes
Desc: not available
Url : http://lists.drupal.org/pipermail/development/attachments/20090204/6dab887f/attachment.bin 


More information about the development mailing list