[development] SQLite and Drupal 7 -- third coming
Chris Johnson
cxjohnson at gmail.com
Wed Feb 4 19:08:18 UTC 2009
Heh. I have plenty of faith in your, Karoly. I just like to make
sure everything is covered. Humans sometimes overlook obvious things.
:-)
I like the whitelist idea for paths. Nice.
..chris
On Wed, Feb 4, 2009 at 11:55 AM, Karoly Negyesi <karoly at negyesi.net> wrote:
>> >From a security point of view, any time the web server process has
>> write access to any directory or file, it makes me nervous. For this
>> SQLite scheme to work, obviously the web server process will have to
>> be able to create and update the file in which the SQLite database
>> resides. This seems like it provides another possible vector for
>> exploits. Tell me how we will protect against such attacks.
>
> I find your lack of faith disturbing :P For two months I am aware http://drupal.org/node/332303#comment-1145308 of this problem and I have only brought the question of SQLite to the greater public now that I have http://drupal.org/node/367660 a solution.
>
More information about the development
mailing list