SQLite Database: Read / Write

Explanation

In htdocs/code-examples/sqlite/ I have an sqlite database file called cars.db and index.php. I inserted some data into the database using an SSH connection to the Bytemark server and the sqlite3 command line programme.

In index.php I have this explanation and a form to add more records to the cars.db and PHP code to add the data submitted from the form to be added to the database. The index.php file also has PHP code for reading data from the database.

Changing Permissions on cars.db and sqlite/

Information can be read from the database without changing any permissions on the server. In order for data to be written to the database from the PHP script in index.php permissions were changed on cars.db and on sqlite/:
admin@sserv:~/stevespages.org.uk/public/htdocs$ chmod 777 code-examples/sqlite/cars.db
admin@sserv:~/stevespages.org.uk/public/htdocs$ chmod 777 code-examples/sqlite/

When the appropriately flagged list command is issued the following permission can now be seen:
-rwxrwxrwx 1 admin admin 8192 Jun 23 17:08 code-examples/sqlite/cars.db
drwxrwsrwx 2 admin admin 4096 Jun 23 17:08 code-examples/sqlite/

With the persmission changes described above data can now be written to the cars.db database from the form and PHP code in the index.php file. The concern is that these permissions would represent a security risk on the server.

Changing Ownership of cars.db and sqlite/

On the Bytmarks server Apache runs as the user: www-data. The permissions on cars.db and sqlite/ were restored to their default values and the owner of both were changed from admin to www-data while code-examples was kept at its default values:
-rw-r--r-- 1 www-data admin 8192 Jun 25 00:40 cars.db
drwxr-sr-x 2 www-data admin 4096 Jun 25 00:44 sqlite/
drwxr-sr-x 6 admin admin 4096 Jun 23 17:08 code-examples/

These setting enable the SQLite database to be written to from the PHP script and would seem to be more secure than changing permissions on the files.

Test Read / Write to SQLite database

Below we first test writing data to the database and then reading data from it.

Write: Submit the Form

Read: Display cars.db database