On my under development website I am using a standalone SQL database file, users.db, to store user login details.
在我的开发网站下,我正在使用一个独立的SQL数据库文件,用户。db,用于存储用户登录详细信息。
I am wondering though: Should I be using full MySQL integrated to the server like PHPMyAdmin? Is my current "solution" as risky as I think?
我想知道:我是否应该使用完整的MySQL集成到服务器上,比如PHPMyAdmin?我目前的“解决方案”是否像我认为的那样危险?
I am handling it this way as it means easy access from a number of utilities, including standalone desktop Python programs, via SQLite3 but is this insecure? The file is in my secured cgi-bin but could someone get their hands on it and just download the whole database?
我以这种方式处理它,因为它意味着从许多实用程序(包括独立的桌面Python程序)通过SQLite3轻松访问,但这是不安全的吗?这个文件在我的cgi-bin中,但是有人能得到它并下载整个数据库吗?
Any and all advice or clarification appreciated, Ilmiont
如有任何建议或澄清,敬请谅解
2 个解决方案
#1
2
Both SQLite and MySQL store their data in some file(s). Both are insecure if you allow HTTP users to access these files.
SQLite和MySQL都将数据存储在一些文件中。如果允许HTTP用户访问这些文件,两者都是不安全的。
Typically, the default configuration of MySQL puts the database files into a separate, non-public directory, while SQLite has no defaults and allows you to put the file anywhere. But when you are aware of the possible problem, SQLite is as secure as MySQL. (Checking is easy; just test if http://www.example.com/cgi-bin/users.db works from the outside.)
通常,MySQL的默认配置将数据库文件放在一个单独的非公共目录中,而SQLite没有缺省设置,允许您将文件放在任何位置。但是当您意识到可能出现的问题时,SQLite和MySQL一样安全。(检查很容易;只要测试http://www.example.com/cgi-bin/users.db是否在外部工作就可以了。
#2
0
First of all, if you're on a linux machine, not sure about windows, you can set users and file permissions who are allowed access to that file, but you should know what you're doing when it comes to permissions. The other thing that you want to make sure of is the file location. Don't place the file in the web root, place it somewhere else not accessible from the web, but accessible to your app.
首先,如果您在linux机器上,不确定windows,您可以设置允许访问该文件的用户和文件权限,但是当涉及到权限时,您应该知道自己在做什么。另一件要确保的事情是文件位置。不要将文件放置在web根目录中,将其放置在其他无法从web访问的地方,但是可以访问您的应用程序。
#1
2
Both SQLite and MySQL store their data in some file(s). Both are insecure if you allow HTTP users to access these files.
SQLite和MySQL都将数据存储在一些文件中。如果允许HTTP用户访问这些文件,两者都是不安全的。
Typically, the default configuration of MySQL puts the database files into a separate, non-public directory, while SQLite has no defaults and allows you to put the file anywhere. But when you are aware of the possible problem, SQLite is as secure as MySQL. (Checking is easy; just test if http://www.example.com/cgi-bin/users.db works from the outside.)
通常,MySQL的默认配置将数据库文件放在一个单独的非公共目录中,而SQLite没有缺省设置,允许您将文件放在任何位置。但是当您意识到可能出现的问题时,SQLite和MySQL一样安全。(检查很容易;只要测试http://www.example.com/cgi-bin/users.db是否在外部工作就可以了。
#2
0
First of all, if you're on a linux machine, not sure about windows, you can set users and file permissions who are allowed access to that file, but you should know what you're doing when it comes to permissions. The other thing that you want to make sure of is the file location. Don't place the file in the web root, place it somewhere else not accessible from the web, but accessible to your app.
首先,如果您在linux机器上,不确定windows,您可以设置允许访问该文件的用户和文件权限,但是当涉及到权限时,您应该知道自己在做什么。另一件要确保的事情是文件位置。不要将文件放置在web根目录中,将其放置在其他无法从web访问的地方,但是可以访问您的应用程序。