sqlite user/password security
sqlite relies on file permissions to secure the data, as you've mentioned it doesn't require a login. From IBM
SQLite has no concept of user accounts, and instead relies on the file system for all database permissions. This makes enforcing storage quotas difficult and enforcing user permissions impossible.
The way you secure your database is to set file permissions so that only specific users can access the data. If you're running a web site on Linux, you can set these using chmod. Typically, you set the web server to run under its own user, such as www-data, and then restrict access to the sqlite file to only that user. For example:
chown www-data database.db # set ownership of the database.db file.chmod 600 database.db # allow only read-write by the owner.This prevents third party programs or any external parties from reading the database by leveraging the file system security.
The prior answers are only partially true. You can have databases that require authentication but you'll have to compile SQLite separately from PHP.
http://www.sqlite.org/src/doc/trunk/ext/userauth/user-auth.txt
So, anybody can access it. Isn't it a security hole to keep sensitive information?
As others have said, it was not a design goal of the SQLite folks. They had other goals, like being able to embed the database code directly in your app.
You can password protect and encrypt the SQLite database, but you need to use SQLCipher.