Reputation: 14128
Recommended File Permissions for Web-based SQLite File
I am working on a web app that needs read/write access to an SQLite database file. As I understand it, the parent folder needs to be set to 777 in order to be able to open the database with PHP (source).
What are the recommended file permissions for the .db file itself? Bear in mind that I need to be able to overwrite the file with PHP as well.
Furthermore, are there any security risks with the database if its parent is 777? The folder is created by PHP. I'm just trying to make sure I can get work done without creating security risks.
Thanks!
Upvotes: 5
Views: 6198
Answers (1)
Reputation: 25165
You should have Apache (the web server) own the folder.
Or maybe create a group like www-dev consisting of MySQL and Apache and then set the folder group to www-dev and the permissions to 770 .
Just don't make the folder public with 777 - specially on a shared server.
Upvotes: 8
Related Questions
- What permissions for PHP scripts/directories?
- handling access permissions of a folder containing SQLite database on Apache server
- PDO SQLite create database default permissions
- Proper write permissions for apache user with SQLite
- Should the user "apache" own my SQLite database?
- SQLite Database Security Using File Name
- Minimum permissions needed to allow PHP PDO / Apache access to SQLite database in /var/www
- How should I set SQLite3 DB permissions on a live website?
- SQLite/PHP read-only?
- sqlite journal file location