1

(4 replies, posted in PunBB 1.2 troubleshooting)

Sorry, I should have explained better - I install punBB inside my web directory, and now let's say I have a database file forum.db which is somewhere on the web server. The user running the web server is apache, so I can set the owner of the forum.db file to be apache. I tell punBB to use that database file. That all works fine.

Now let's say another user comes along, and decides to install a forum of his own in his own web space - there is nothing to stop him from using the same database file as me, since he can use any file accessible by apache, right? There is nothing really linking the database file to a specific forum or my user on the computer. Does this make sense? Of course, I could just rely on the user being honest and using a different table prefix, but we all know that trusting users to be honest is not the best security measure :-) So he could write a php file which would essentially delete all tables in my database file, or insert spam, right?

Thanks,

2

(4 replies, posted in PunBB 1.2 troubleshooting)

Since sqlite does not use usernames and passwords, what is to stop someone on a same computer from accessing and editing the sqlite database file? If it can be written to by the web server, then presumably anyone can edit it via some php code?

Thanks,

3

(2 replies, posted in PunBB 1.2 troubleshooting)

Thanks!

4

(2 replies, posted in PunBB 1.2 troubleshooting)

Hi all,

The installation instructions state:

SQLite: PunBB 1.2.* has only been thoroughly tested on versions 2.8.11 and 2.8.14 of SQLite, but should work with basically any version.

I have sqlite3, and SQLite does not appear as an option when attempting to install punBB. I have read older posts which say that sqlite3 was not supported at the time, but since the installation instructions state "should work with basically any version", I assume sqlite3 is not supported?

Thanks,