sqlite user/password security
sqlite relies on file permissions to secure the data, as you've mentioned it doesn't require a login. From IBM
SQLite has no concept of user accounts, and instead relies on the file system for all database permissions. This makes enforcing storage quotas difficult and enforcing user permissions impossible.
The way you secure your database is to set file permissions so that only specific users can access the data. If you're running a web site on Linux, you can set these using chmod
. Typically, you set the web server to run under its own user, such as www-data
, and then restrict access to the sqlite file to only that user. For example:
chown www-data database.db # set ownership of the database.db file.
chmod 600 database.db # allow only read-write by the owner.
This prevents third party programs or any external parties from reading the database by leveraging the file system security.
The prior answers are only partially true. You can have databases that require authentication but you'll have to compile SQLite separately from PHP.
http://www.sqlite.org/src/doc/trunk/ext/userauth/user-auth.txt