Hi. I just wrote a very simple application that uses SQLite. I don't know how much crossover there is, but what I did was create the db as myself, set the perms of the directory it's in to 600, and then added the web server account as rw to the ACLs of the directory and file. The script itself checks the user's identity by using the REMOTE_USER env var. Having a .htacc file in the same directory as the script limits anyone not in a certain security group from even accessing the application. So basically you can't even see the page unless you're logged in and cookied, but that's transparent to me cos that's just how the web server is set up. I also locked down permissions on the directory the script lives in so no one can look at the code. The residual risk is someone who also has privileges to write CGI scripts writes a program to access the database, and in my org. that's apparently OK since there's a vetting process for programmers to get CGI script writing privileges, and it would take a lot of concerted effort and some luck.

Does that make sense?

_________________________________________________________________________________

I like computer programming because it's like Legos for the mind.