SQLite Database File Found
Description
An SQLite database file has been discovered in a publicly accessible directory on the web server. SQLite databases are self-contained files that often store application data, user credentials, session information, or other sensitive records. When exposed through a web server, these files can be directly downloaded by unauthorized users, potentially revealing confidential information about the application's structure and data.
Remediation
Immediately verify the contents of the SQLite database file to determine if it contains sensitive information. If the file contains sensitive data, take the following actions:
1. Remove the database file from the publicly accessible web directory if it is not required for application functionality
2. If the file must remain accessible to the application, move it outside the web root directory and configure your application to access it using absolute file paths
3. Implement web server access controls to deny direct HTTP access to database files. For Apache, add the following to your .htaccess file:

    <FilesMatch "\.db$|sqlite">
        Require all denied
    </FilesMatch>

For Nginx, add this to your server configuration:

    location ~* \.(db|sqlite|sqlite3)$ {
        deny all;
    }

4. Review your deployment process to ensure database files are not inadvertently included in production releases
5. Conduct a comprehensive audit to identify any other sensitive files that may be publicly accessible
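
The deny rules above match on file name, whereas an audit as in step 5 can identify SQLite files by their content. The following added example (not part of the original advisory) walks a web root, flags every file that starts with the SQLite 3 header, and reports whether its name would be covered by the Apache and Nginx patterns shown above. The sample web root and its file names are constructed, and the rule check is a simplified assumption that tests the file name only.

```python
import os
import re
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite 3 file
# The two deny patterns from this page, applied here to the file name only.
APACHE_RULE = re.compile(r"\.db$|sqlite")
NGINX_RULE = re.compile(r"\.(db|sqlite|sqlite3)$", re.IGNORECASE)


def is_sqlite(path):
    """True if the file starts with the SQLite 3 header, whatever its name."""
    try:
        with open(path, "rb") as fh:
            return fh.read(16) == SQLITE_MAGIC
    except OSError:  # unreadable file: skip it rather than abort the audit
        return False


def audit_web_root(web_root):
    """Return one finding per SQLite file under web_root, with rule coverage."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_sqlite(full):
                findings.append({
                    "path": os.path.relpath(full, web_root),
                    "apache_rule": bool(APACHE_RULE.search(name)),
                    "nginx_rule": bool(NGINX_RULE.search(name)),
                })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_root():
    """Constructed sample web root: two SQLite files and one HTML file."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "data"))
    for rel in ("data/app.db", "data/backup.bak"):
        conn = sqlite3.connect(os.path.join(root, rel), isolation_level=None)
        conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
        conn.close()
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<html></html>")
    return root


if __name__ == "__main__":
    print(*audit_web_root(build_sample_root()), sep="\n")
```

A finding with both rule fields false, such as the renamed backup in the sample, is a database that the extension-based rules would still serve, so it needs to be moved or removed as in steps 1 and 2.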