Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic

Re: How to secure SQLite3 in Windows IIS CGI

by aitap (Curate)
on May 31, 2019 at 08:26 UTC ( #11100766=note: print w/replies, xml ) Need Help??

in reply to How to secure SQLite3 in Windows IIS CGI

The question is how do I best secure the database itself?

There is no universal answer since it depends on what you are securing the database from. (What is your threat model?)

Not serving the database file itself for everyone to download as a static file is a great first measure. But what is the password supposed to protect from? Other users on the same server? That should be handled by file ownership and permissions provided by the operating system. Hackers with access to files belonging to the web server? They would just read the password from the same place the web server reads it from to serve the database content.

Nevertheless, if you do have a use for database encryption and you don't have the budget for $2000 SEE, another option to consider is free SQLCipher.

  • Comment on Re: How to secure SQLite3 in Windows IIS CGI

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11100766]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (2)
As of 2023-03-24 18:48 GMT
Find Nodes?
    Voting Booth?
    Which type of climate do you prefer to live in?

    Results (61 votes). Check out past polls.