Suggestions to Explore/Document: DB Administration/Querying, Encryption at Rest

Love the idea behind this repo (and your comment on hn)! Have ran into similar questions when I started trying to actually use SQLite for a production grade app like so many articles suggest. Had a couple more questions I've run into that may be useful for those exploring SQLite in the future (not that you're required to find answers for them, but figured it was worth at least attaching to the repo):

Security/Encryption at Rest

SQLite has different security considerations as a plain file than something like PostgreSQL does as a server. If someone grabs the file, they have your whole database and can query it.

option A: In the past I've encrypted fields in the application before inserting, since all the encrypted SQLite tools I found seemed like more effort to install than the version built into Python.
option B: ? Curious what options other follow. Examples using Flask usually use BCrypt or etc. to has passwords, but what about data that can't be hashed, but you still want to have some level of security over it?

DB Administration/Querying

If you're running an app, at some point you'll likely need to be able to easily edit a field for a user, or check their state. Since it's not a running server, you can't just attach to the DB from SQLWorkbench or the like.

option A: From a discussion on the fly forums on exposing SQLite to external connections, there was a suggestion to set up [Nocodb]() on the same server and then connect with fly proxy.
- I haven't tried getting the proxy setup to work, but I was able to get a Docker image configured that serves both my application & Nocodb connected to my SQLite app DB.
- ⚠️This is just a POC, not the most efficient. Using the Nocodb binary adds like 120+MB to your image.
```
#####
# Dockerfile
#####
FROM curlimages/curl:latest AS fetch
WORKDIR /usr/src/
# This is a fat file of 100+MB, probably want a better plan here
RUN curl http://get.nocodb.com/linux-x64 -o nocodb -L && chmod +x nocodb
```
FROM python:3.10.7-slim

ENV WB_DATA_DIR=/usr/app/data/ ENV ENV=PROD ENV DB_TYPE='sqlite' ENV NC_DISABLE_TELE=true ENV NC_MIN=true ENV NC_DB='sqlite3://sqlite3?d=/usr/app/data/noco.db'

WORKDIR /usr/src/app/

This is how we get nocodb into our image from the multi-stage build

COPY --from=fetch /usr/src/nocodb ./ COPY requirements.txt ./requirements.txt RUN mkdir -p /usr/app/data/; pip install -U pip && pip install -r ./requirements.txt ADD buddy ./buddy COPY ./.py ./.sh /usr/src/app/

RUN useradd demo && chown demo /usr/app/data/

RUN chown demo /usr/src/app/

USER demo

EXPOSE 4747 8080

ENTRYPOINT ["bash", "/usr/src/app/run-prod.sh"]
```
- And then added this to the `run-prod.sh` script:
```
TODO: try out the gross way of running it https://fly.io/docs/app-guides/multiple-processes/#just-use-bash

TODO: file is 116MB, don't download every time

/usr/src/app/nocodb &
option B: Just use Supabase (Hosted Postedql+more)? Costs money after 500MB free tier.
- Or trade time to save money and Self-host Supabase
option C: Just use Pocketbase?
PocketBase is an open source Go backend, consisting of:
- embedded database (SQLite) with realtime subscriptions
- built-in files and users management
- convenient Admin dashboard UI
- and simple REST-ish API

Backups

Might be worth mentioning Litestream since it's commonly suggested, even if it you don't want it implemented on the project.

irskep / cheapo_website