[development] SQLite and Drupal 7 -- third coming

Chris Johnson cxjohnson at gmail.com
Wed Feb 4 19:08:18 UTC 2009

Heh.  I have plenty of faith in your, Karoly.  I just like to make
sure everything is covered.  Humans sometimes overlook obvious things.

I like the whitelist idea for paths.  Nice.


On Wed, Feb 4, 2009 at 11:55 AM, Karoly Negyesi <karoly at negyesi.net> wrote:
>> >From a security point of view, any time the web server process has
>> write access to any directory or file, it makes me nervous.  For this
>> SQLite scheme to work, obviously the web server process will have to
>> be able to create and update the file in which the SQLite database
>> resides.  This seems like it provides another possible vector for
>> exploits.  Tell me how we will protect against such attacks.
> I find your lack of faith disturbing :P  For two months I am aware http://drupal.org/node/332303#comment-1145308 of this problem and I have only brought the question of SQLite to the greater public now that I have http://drupal.org/node/367660 a solution.

More information about the development mailing list