I am building a website for the company I work for, for which the front-end has been done. Currently the site populates itself from information read off a JSON file.
I will be leaving this job soon, and want to leave the site so that other employees will be able to update it without needing to know how to read and write JSON data properly. So I am writing a VERY simple site to do the updates (list the projects currently on the live site, let users add a project, delete a project or reorder projects). The data is all text, and I am doing some basic sanitizing in JS before calling the server to write. What's more, I am using .htaccess to require employees to log in to even get to this part of the site.
So now I am at the point where I need an actual database to write to. As our website is run off of an OSX server, we already had SQLite3 installed. It seemed from what I read here on StackOverflow that SQLite works just fine as a live database, as long as I don't need UN/PW access or need to scale up to 100k+ hits. (We are a small company - we will be getting 2-3 hits a day.)
I started setting up a PHP page to connect to the database and write to it, and after a silent failure, realized that the .DB file needed RW access for group in order for the website to access it. This would mean a chmod to at least 444, if not 777, for the db and the directory holding it (I assume). I asked my boss, who handles server admin, about setting this up, and he said he was not comfortable doing this. And while I understand his concern, I am not sure what else I am supposed to do. Without RW access on the file, I don't know any other means to make this work.
So what are my options? Should I abandon SQLite and just install MySQL? And if I do stick with SQLite, what are best practices for security? Is there some accepted best way to set up the database / encrypt data / hide the database?
Thanks!
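
The permission question above, as an added example that is not part of the original post: a shell check that compares a SQLite file and its directory against a least-privilege layout (660 on the file, 770 on the directory, stored outside the web document root) rather than 777. The function names and paths are hypothetical, and it assumes the web server account reaches the file through a dedicated group.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical.
# Assumption: the web server account reaches the database through a
# dedicated group, so group needs rw and "other" needs nothing.

# mode_string PATH -> 10-character ls mode, e.g. "-rw-rw----"
mode_string() { ls -ld "$1" | cut -c1-10; }

# audit_sqlite_perms DB_FILE DOCROOT
# Prints one line per finding; returns 0 when the layout is clean.
audit_sqlite_perms() {
    db=$1; docroot=$2; dir=$(dirname "$db"); rc=0
    fmode=$(mode_string "$db"); dmode=$(mode_string "$dir")

    # SQLite creates its journal file beside the database, so the
    # directory needs group write as well as the file itself.
    case $fmode in
        ????rw*) ;;
        *) echo "FAIL file not group read/write: $fmode"; rc=1 ;;
    esac
    case $dmode in
        ????rw[xs]*) ;;
        *) echo "FAIL directory not group rwx: $dmode"; rc=1 ;;
    esac

    # Any bit in the last three positions opens the data to every
    # local account, which is what 777 does.
    case $fmode in *---) ;; *) echo "FAIL file open to other: $fmode"; rc=1 ;; esac
    case $dmode in *---) ;; *) echo "FAIL directory open to other: $dmode"; rc=1 ;; esac

    # A database under the document root may be downloadable over HTTP.
    real_dir=$(cd "$dir" && pwd -P)
    real_root=$(cd "$docroot" && pwd -P)
    case "$real_dir/" in
        "$real_root"/*) echo "FAIL database is inside the document root"; rc=1 ;;
    esac
    return $rc
}
```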