[development] SQLite and Drupal 7 -- third coming

Karoly Negyesi karoly at negyesi.net
Wed Feb 4 17:55:09 UTC 2009


> >From a security point of view, any time the web server process has
> write access to any directory or file, it makes me nervous.  For this
> SQLite scheme to work, obviously the web server process will have to
> be able to create and update the file in which the SQLite database
> resides.  This seems like it provides another possible vector for
> exploits.  Tell me how we will protect against such attacks.

I find your lack of faith disturbing :P  For two months I am aware http://drupal.org/node/332303#comment-1145308 of this problem and I have only brought the question of SQLite to the greater public now that I have http://drupal.org/node/367660 a solution.


More information about the development mailing list