What do you mean "extract"? If I create a C# windows application and hardcode the decryption key in a string variable (so that my app can access the contents of the db) and compile the application into an .exe file, can someone really find out the key just by using the .exe file? I know there's ways to reverse engineer applications but I don't know you could extract pieces of code like that. If they can find the key like that, does that mean that all of my C# code is available to them aswell? Thank you for your concern, but the application I'm creating is for personal use only, I'm not planning on making it public. It's just an application I plan to carry around on my usb to check for new email messages and I plan to store the email credentials on the db and some other application settings. I just want to encrypt the email credentials in case I ever lose the usb drive.
On Thursday, January 8, 2015 at 9:44:27 PM UTC, Jens Alfke wrote: > > > On Jan 8, 2015, at 11:55 AM, Jsparrow <[email protected] <javascript:>> > wrote: > > I see. I'll have to go with encryption then. The key can always be > hardcoded in the application anyway. Thanks for the assistance. > > > That's not secure! A hacker can very easily extract the key from the app > and use it to decrypt anyone's database. (This sort of thing happens all > the time, sadly.) > > It would be irresponsible of you to promise data security to your users > and not actually deliver it. And depending on the specific situation and > the country, it could be illegal. For example, if this were a healthcare > related app to be used in the USA, you could be violating HIPAA regulations > by providing insufficient data security. > > What exactly do you need the data security for, and what sorts of attacks > are you trying to prevent? > > —Jens > -- You received this message because you are subscribed to the Google Groups "Couchbase Mobile" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/mobile-couchbase/77f8886d-a39e-4cd7-a4f9-2d67016068ad%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
