Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?

2009-01-26 Thread RB Smissaert 
Thanks; will do that.

RBS

-Original Message-
From: sqlite-users-boun...@sqlite.org
[mailto:sqlite-users-boun...@sqlite.org] On Behalf Of MikeW
Sent: 26 January 2009 12:02
To: sqlite-users@sqlite.org
Subject: Re: [sqlite]Lock SQLite file by overwriting bytes and then un-lock?

RB Smissaert <bartsmissa...@...> writes:

> 
> Thanks for the tip, but does that work on a Windows Mobile device?
> 
> RBS
Don't know - also look at http://www.freeotfe.org/
(Google: encrypted files windows mobile)

Cheers,
MikeW

___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users


___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?

2009-01-26 Thread MikeW 
RB Smissaert  writes:

> 
> Thanks for the tip, but does that work on a Windows Mobile device?
> 
> RBS
Don't know - also look at http://www.freeotfe.org/
(Google: encrypted files windows mobile)

Cheers,
MikeW

___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?

2009-01-26 Thread RB Smissaert 
Thanks for the tip, but does that work on a Windows Mobile device?

RBS


-Original Message-
From: sqlite-users-boun...@sqlite.org
[mailto:sqlite-users-boun...@sqlite.org] On Behalf Of MikeW
Sent: 26 January 2009 11:40
To: sqlite-users@sqlite.org
Subject: Re: [sqlite]Lock SQLite file by overwriting bytes and then un-lock?

RB Smissaert <bartsmissa...@...> writes:

> 
> For some reason this mail went to the junk mail folder.
> That sounds good and I would be happy to buy this, but I am not sure
about:
> > All you need to do is replace the DLL
> I have number of dll's:
> For the desktop: an ActiveX dll and a plain Windows dll. The ActiveX is
used
> by my VBA/VB6 app and that ActiveX uses the plain Windows dll. These files
> are compiled by Olaf Schmidt.
> On the WM6 device: A .net dll System.Data.SQLite.DLL and a little
Basic4PPC
> dll, SQLDevice.dll, which I think is also a .net dll. These files are
> compiled by Erel, the author of Basic4PPC.
> How would SEE fit in with all this?
> 
> RBS

Since you are running Windows, I would have the app and standard SQLite DB,
and all ancillary data, stored on an properly encrypted drive.

e.g. http://www.truecrypt.org/

You can't be too careful with sensitive data like this.

Regards,
MikeW




___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users


___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?

2009-01-26 Thread MikeW 
RB Smissaert  writes:

> 
> For some reason this mail went to the junk mail folder.
> That sounds good and I would be happy to buy this, but I am not sure about:
> > All you need to do is replace the DLL
> I have number of dll's:
> For the desktop: an ActiveX dll and a plain Windows dll. The ActiveX is used
> by my VBA/VB6 app and that ActiveX uses the plain Windows dll. These files
> are compiled by Olaf Schmidt.
> On the WM6 device: A .net dll System.Data.SQLite.DLL and a little Basic4PPC
> dll, SQLDevice.dll, which I think is also a .net dll. These files are
> compiled by Erel, the author of Basic4PPC.
> How would SEE fit in with all this?
> 
> RBS

Since you are running Windows, I would have the app and standard SQLite DB,
and all ancillary data, stored on an properly encrypted drive.

e.g. http://www.truecrypt.org/

You can't be too careful with sensitive data like this.

Regards,
MikeW




___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?

2009-01-25 Thread D. Richard Hipp 

On Jan 25, 2009, at 7:00 PM, RB Smissaert wrote:

> For some reason this mail went to the junk mail folder.
> That sounds good and I would be happy to buy this, but I am not sure  
> about:
>> All you need to do is replace the DLL
> I have number of dll's:
> For the desktop: an ActiveX dll and a plain Windows dll. The ActiveX  
> is used
> by my VBA/VB6 app and that ActiveX uses the plain Windows dll. These  
> files
> are compiled by Olaf Schmidt.
> On the WM6 device: A .net dll System.Data.SQLite.DLL and a little  
> Basic4PPC
> dll, SQLDevice.dll, which I think is also a .net dll. These files are
> compiled by Erel, the author of Basic4PPC.
> How would SEE fit in with all this?

If you have an SQLite.dll which is just a version of SQLite compiled  
for your platform, then you could just replace that one DLL with an  
SEE-enabled version of SQLite and you would be done.

The question is, do these other DLLs contain only SQLite, or other  
stuff too?  If they contain other stuff, then you will have to get the  
ability to recompile them in order to make use of SEE.


>
>
> RBS
>
>
> -Original Message-
> From: sqlite-users-boun...@sqlite.org
> [mailto:sqlite-users-boun...@sqlite.org] On Behalf Of D. Richard Hipp
> Sent: 25 January 2009 19:40
> To: General Discussion of SQLite Database
> Subject: Re: [sqlite] Lock SQLite file by overwriting bytes and then
> un-lock?
>
>
> On Jan 25, 2009, at 2:32 PM, RB Smissaert wrote:
>
>> Yes, you are right there. It won't be much good for anything else
>> then a
>> casual peek at the device. This is a clinical database, so it  
>> involves
>> patients, diagnoses, medications etc. The ID data and the clinical
>> data are
>> stored in different tables, but even then with a simple hex editor
>> it won't
>> be that difficult to match the 2 up.
>> So, I suppose the only solution is to encrypt the data. Problem is
>> that the
>> SQLite on the device can't decrypt and even if it could it would be a
>> different system than the one used on the desktop. The DB file is
>> made on
>> the desktop and then copied to the device and on the desktop I use
>> Olaf
>> Schmidt's VB wrapper dhRichClient and SQLite 3.6.1. The device app is
>> developed with Basic4PPC and that is based on .Net and uses SQLite
>> 3.3.12.
>> Not sure there is an easy solution there without affecting the speed
>> of the
>> application.
>
>
> http://www.hwaci.com/sw/sqlite/see.html is often used to meet HIPAA
> requirements.  SEE supports cross-platform databases.  The key can be
> entered using PRAGMAs so no new interfaces are needed in your
> wrapper.  All you need to do is replace the DLL.  And by purchasing an
> SEE license, you get the additional satisfaction of knowing that you
> are helping to support the ongoing development and maintenance of
> SQLite :-)
>
>
> D. Richard Hipp
> d...@hwaci.com
>
>
>
> ___
> sqlite-users mailing list
> sqlite-users@sqlite.org
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
>
>
> ___
> sqlite-users mailing list
> sqlite-users@sqlite.org
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

D. Richard Hipp
d...@hwaci.com



___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?

2009-01-25 Thread RB Smissaert 
For some reason this mail went to the junk mail folder.
That sounds good and I would be happy to buy this, but I am not sure about:
> All you need to do is replace the DLL
I have number of dll's:
For the desktop: an ActiveX dll and a plain Windows dll. The ActiveX is used
by my VBA/VB6 app and that ActiveX uses the plain Windows dll. These files
are compiled by Olaf Schmidt.
On the WM6 device: A .net dll System.Data.SQLite.DLL and a little Basic4PPC
dll, SQLDevice.dll, which I think is also a .net dll. These files are
compiled by Erel, the author of Basic4PPC.
How would SEE fit in with all this?

RBS


-Original Message-
From: sqlite-users-boun...@sqlite.org
[mailto:sqlite-users-boun...@sqlite.org] On Behalf Of D. Richard Hipp
Sent: 25 January 2009 19:40
To: General Discussion of SQLite Database
Subject: Re: [sqlite] Lock SQLite file by overwriting bytes and then
un-lock?


On Jan 25, 2009, at 2:32 PM, RB Smissaert wrote:

> Yes, you are right there. It won't be much good for anything else  
> then a
> casual peek at the device. This is a clinical database, so it involves
> patients, diagnoses, medications etc. The ID data and the clinical  
> data are
> stored in different tables, but even then with a simple hex editor  
> it won't
> be that difficult to match the 2 up.
> So, I suppose the only solution is to encrypt the data. Problem is  
> that the
> SQLite on the device can't decrypt and even if it could it would be a
> different system than the one used on the desktop. The DB file is  
> made on
> the desktop and then copied to the device and on the desktop I use  
> Olaf
> Schmidt's VB wrapper dhRichClient and SQLite 3.6.1. The device app is
> developed with Basic4PPC and that is based on .Net and uses SQLite  
> 3.3.12.
> Not sure there is an easy solution there without affecting the speed  
> of the
> application.


http://www.hwaci.com/sw/sqlite/see.html is often used to meet HIPAA  
requirements.  SEE supports cross-platform databases.  The key can be  
entered using PRAGMAs so no new interfaces are needed in your  
wrapper.  All you need to do is replace the DLL.  And by purchasing an  
SEE license, you get the additional satisfaction of knowing that you  
are helping to support the ongoing development and maintenance of  
SQLite :-)


D. Richard Hipp
d...@hwaci.com



___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users


___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?

2009-01-25 Thread RB Smissaert 
Thanks for the suggestion.
The problem is that I use 2 different wrappers, one for the desktop and one
for the device. Possibly, somehow it would be possible to add SSE to the
desktop wrapper, but it will be very difficult to get it added to the device
wrapper as I have no control over that.
Will bear this option in mind though.

RBS


-Original Message-
From: sqlite-users-boun...@sqlite.org
[mailto:sqlite-users-boun...@sqlite.org] On Behalf Of Kees Nuyt
Sent: 25 January 2009 20:08
To: sqlite-users@sqlite.org
Subject: Re: [sqlite] Lock SQLite file by overwriting bytes and then
un-lock?

On Sun, 25 Jan 2009 18:29:28 -, "RB Smissaert"
<bartsmissa...@blueyonder.co.uk> wrote in General Discussion
of SQLite Database <sqlite-users@sqlite.org>:

>Would it be possible to make a SQLite file un-usable by overwriting bytes
in
>certain places and then (via an encrypted password) make the file usable
>again by putting the right bytes back in the right places?
>I use a VB wrapper that can encrypt the database, but I am using this
SQLite
>file on a Windows Mobile device and the SQLite wrapper used there can't do
>that.
>I can do this quite easy by picking some fixed bytes at the beginning of
the
>file, but it then is too easy to pick this up by comparing with a normal
>SQLite file. So, maybe I need to overwrite sqlite_master, but will it be
>possible to always find the start and end of that part of the file?
>Thanks for any ideas about this.
>
>RBS

If the security is important to you, it might be worth to
invest in SEE, the proprietary, licenced, SQLite Encryption
Extension:
http://www.sqlite.org/support.html

It makes sure only your application can access the database.
-- 
  (  Kees Nuyt
  )
c[_]
___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users


___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?

2009-01-25 Thread Kees Nuyt 
On Sun, 25 Jan 2009 18:29:28 -, "RB Smissaert"
 wrote in General Discussion
of SQLite Database :

>Would it be possible to make a SQLite file un-usable by overwriting bytes in
>certain places and then (via an encrypted password) make the file usable
>again by putting the right bytes back in the right places?
>I use a VB wrapper that can encrypt the database, but I am using this SQLite
>file on a Windows Mobile device and the SQLite wrapper used there can't do
>that.
>I can do this quite easy by picking some fixed bytes at the beginning of the
>file, but it then is too easy to pick this up by comparing with a normal
>SQLite file. So, maybe I need to overwrite sqlite_master, but will it be
>possible to always find the start and end of that part of the file?
>Thanks for any ideas about this.
>
>RBS

If the security is important to you, it might be worth to
invest in SEE, the proprietary, licenced, SQLite Encryption
Extension:
http://www.sqlite.org/support.html

It makes sure only your application can access the database.
-- 
  (  Kees Nuyt
  )
c[_]
___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?

2009-01-25 Thread D. Richard Hipp 

On Jan 25, 2009, at 2:32 PM, RB Smissaert wrote:

> Yes, you are right there. It won't be much good for anything else  
> then a
> casual peek at the device. This is a clinical database, so it involves
> patients, diagnoses, medications etc. The ID data and the clinical  
> data are
> stored in different tables, but even then with a simple hex editor  
> it won't
> be that difficult to match the 2 up.
> So, I suppose the only solution is to encrypt the data. Problem is  
> that the
> SQLite on the device can't decrypt and even if it could it would be a
> different system than the one used on the desktop. The DB file is  
> made on
> the desktop and then copied to the device and on the desktop I use  
> Olaf
> Schmidt's VB wrapper dhRichClient and SQLite 3.6.1. The device app is
> developed with Basic4PPC and that is based on .Net and uses SQLite  
> 3.3.12.
> Not sure there is an easy solution there without affecting the speed  
> of the
> application.


http://www.hwaci.com/sw/sqlite/see.html is often used to meet HIPAA  
requirements.  SEE supports cross-platform databases.  The key can be  
entered using PRAGMAs so no new interfaces are needed in your  
wrapper.  All you need to do is replace the DLL.  And by purchasing an  
SEE license, you get the additional satisfaction of knowing that you  
are helping to support the ongoing development and maintenance of  
SQLite :-)


D. Richard Hipp
d...@hwaci.com



___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?

2009-01-25 Thread RB Smissaert 
Yes, you are right there. It won't be much good for anything else then a
casual peek at the device. This is a clinical database, so it involves
patients, diagnoses, medications etc. The ID data and the clinical data are
stored in different tables, but even then with a simple hex editor it won't
be that difficult to match the 2 up.
So, I suppose the only solution is to encrypt the data. Problem is that the
SQLite on the device can't decrypt and even if it could it would be a
different system than the one used on the desktop. The DB file is made on
the desktop and then copied to the device and on the desktop I use Olaf
Schmidt's VB wrapper dhRichClient and SQLite 3.6.1. The device app is
developed with Basic4PPC and that is based on .Net and uses SQLite 3.3.12.
Not sure there is an easy solution there without affecting the speed of the
application.

RBS



-Original Message-
From: sqlite-users-boun...@sqlite.org
[mailto:sqlite-users-boun...@sqlite.org] On Behalf Of Jay A. Kreibich
Sent: 25 January 2009 18:48
To: General Discussion of SQLite Database
Subject: Re: [sqlite] Lock SQLite file by overwriting bytes and then
un-lock?

On Sun, Jan 25, 2009 at 06:29:28PM -, RB Smissaert scratched on the
wall:
> Would it be possible to make a SQLite file un-usable by overwriting bytes
in
> certain places and then (via an encrypted password) make the file usable
> again by putting the right bytes back in the right places?
> I use a VB wrapper that can encrypt the database, but I am using this
SQLite
> file on a Windows Mobile device and the SQLite wrapper used there can't do
> that.
> I can do this quite easy by picking some fixed bytes at the beginning of
the
> file, but it then is too easy to pick this up by comparing with a normal
> SQLite file. So, maybe I need to overwrite sqlite_master, but will it be
> possible to always find the start and end of that part of the file?
> Thanks for any ideas about this.

  To what end?  What are you trying to protect against?

  If the database has sensitive information, especially strings, much
  of it can be recovered by simply dumping the database file with a
  hex-editor.  Simply making the file unreadable by the SQLite library
  provides only the bare minimum of protection.

  If all you want to do is prevent the casual user from browsing the
  file, then I suppose this will work.  Although your indication of
  scrambling the first few bytes as being "too easy" to fix seems to
  indicate you're after something stronger.

  If you really need to protect the data, you need to protect the data
  itself, not the access mechanism.  You either need to re-write the
  VFS to encrypt whole database pages, or you need to encrypt the data
  itself before it is stored into the database.

   -j

-- 
Jay A. Kreibich < J A Y  @  K R E I B I.C H >

"Our opponent is an alien starship packed with atomic bombs.  We have
 a protractor."   "I'll go home and see if I can scrounge up a ruler
 and a piece of string."  --from Anathem by Neal Stephenson
___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users


___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?

2009-01-25 Thread Jay A. Kreibich 
On Sun, Jan 25, 2009 at 06:29:28PM -, RB Smissaert scratched on the wall:
> Would it be possible to make a SQLite file un-usable by overwriting bytes in
> certain places and then (via an encrypted password) make the file usable
> again by putting the right bytes back in the right places?
> I use a VB wrapper that can encrypt the database, but I am using this SQLite
> file on a Windows Mobile device and the SQLite wrapper used there can't do
> that.
> I can do this quite easy by picking some fixed bytes at the beginning of the
> file, but it then is too easy to pick this up by comparing with a normal
> SQLite file. So, maybe I need to overwrite sqlite_master, but will it be
> possible to always find the start and end of that part of the file?
> Thanks for any ideas about this.

  To what end?  What are you trying to protect against?

  If the database has sensitive information, especially strings, much
  of it can be recovered by simply dumping the database file with a
  hex-editor.  Simply making the file unreadable by the SQLite library
  provides only the bare minimum of protection.

  If all you want to do is prevent the casual user from browsing the
  file, then I suppose this will work.  Although your indication of
  scrambling the first few bytes as being "too easy" to fix seems to
  indicate you're after something stronger.

  If you really need to protect the data, you need to protect the data
  itself, not the access mechanism.  You either need to re-write the
  VFS to encrypt whole database pages, or you need to encrypt the data
  itself before it is stored into the database.

   -j

-- 
Jay A. Kreibich < J A Y  @  K R E I B I.C H >

"Our opponent is an alien starship packed with atomic bombs.  We have
 a protractor."   "I'll go home and see if I can scrounge up a ruler
 and a piece of string."  --from Anathem by Neal Stephenson
___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users