Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?
Thanks; will do that. RBS -Original Message- From: sqlite-users-boun...@sqlite.org [mailto:sqlite-users-boun...@sqlite.org] On Behalf Of MikeW Sent: 26 January 2009 12:02 To: sqlite-users@sqlite.org Subject: Re: [sqlite]Lock SQLite file by overwriting bytes and then un-lock? RB Smissaert writes: > > Thanks for the tip, but does that work on a Windows Mobile device? > > RBS Don't know - also look at http://www.freeotfe.org/ (Google: encrypted files windows mobile) Cheers, MikeW ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?
RB Smissaert writes: > > Thanks for the tip, but does that work on a Windows Mobile device? > > RBS Don't know - also look at http://www.freeotfe.org/ (Google: encrypted files windows mobile) Cheers, MikeW ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?
Thanks for the tip, but does that work on a Windows Mobile device? RBS -Original Message- From: sqlite-users-boun...@sqlite.org [mailto:sqlite-users-boun...@sqlite.org] On Behalf Of MikeW Sent: 26 January 2009 11:40 To: sqlite-users@sqlite.org Subject: Re: [sqlite]Lock SQLite file by overwriting bytes and then un-lock? RB Smissaert writes: > > For some reason this mail went to the junk mail folder. > That sounds good and I would be happy to buy this, but I am not sure about: > > All you need to do is replace the DLL > I have number of dll's: > For the desktop: an ActiveX dll and a plain Windows dll. The ActiveX is used > by my VBA/VB6 app and that ActiveX uses the plain Windows dll. These files > are compiled by Olaf Schmidt. > On the WM6 device: A .net dll System.Data.SQLite.DLL and a little Basic4PPC > dll, SQLDevice.dll, which I think is also a .net dll. These files are > compiled by Erel, the author of Basic4PPC. > How would SEE fit in with all this? > > RBS Since you are running Windows, I would have the app and standard SQLite DB, and all ancillary data, stored on an properly encrypted drive. e.g. http://www.truecrypt.org/ You can't be too careful with sensitive data like this. Regards, MikeW ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?
RB Smissaert writes: > > For some reason this mail went to the junk mail folder. > That sounds good and I would be happy to buy this, but I am not sure about: > > All you need to do is replace the DLL > I have number of dll's: > For the desktop: an ActiveX dll and a plain Windows dll. The ActiveX is used > by my VBA/VB6 app and that ActiveX uses the plain Windows dll. These files > are compiled by Olaf Schmidt. > On the WM6 device: A .net dll System.Data.SQLite.DLL and a little Basic4PPC > dll, SQLDevice.dll, which I think is also a .net dll. These files are > compiled by Erel, the author of Basic4PPC. > How would SEE fit in with all this? > > RBS Since you are running Windows, I would have the app and standard SQLite DB, and all ancillary data, stored on an properly encrypted drive. e.g. http://www.truecrypt.org/ You can't be too careful with sensitive data like this. Regards, MikeW ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?
On Jan 25, 2009, at 7:00 PM, RB Smissaert wrote: > For some reason this mail went to the junk mail folder. > That sounds good and I would be happy to buy this, but I am not sure > about: >> All you need to do is replace the DLL > I have number of dll's: > For the desktop: an ActiveX dll and a plain Windows dll. The ActiveX > is used > by my VBA/VB6 app and that ActiveX uses the plain Windows dll. These > files > are compiled by Olaf Schmidt. > On the WM6 device: A .net dll System.Data.SQLite.DLL and a little > Basic4PPC > dll, SQLDevice.dll, which I think is also a .net dll. These files are > compiled by Erel, the author of Basic4PPC. > How would SEE fit in with all this? If you have an SQLite.dll which is just a version of SQLite compiled for your platform, then you could just replace that one DLL with an SEE-enabled version of SQLite and you would be done. The question is, do these other DLLs contain only SQLite, or other stuff too? If they contain other stuff, then you will have to get the ability to recompile them in order to make use of SEE. > > > RBS > > > -Original Message- > From: sqlite-users-boun...@sqlite.org > [mailto:sqlite-users-boun...@sqlite.org] On Behalf Of D. Richard Hipp > Sent: 25 January 2009 19:40 > To: General Discussion of SQLite Database > Subject: Re: [sqlite] Lock SQLite file by overwriting bytes and then > un-lock? > > > On Jan 25, 2009, at 2:32 PM, RB Smissaert wrote: > >> Yes, you are right there. It won't be much good for anything else >> then a >> casual peek at the device. This is a clinical database, so it >> involves >> patients, diagnoses, medications etc. The ID data and the clinical >> data are >> stored in different tables, but even then with a simple hex editor >> it won't >> be that difficult to match the 2 up. >> So, I suppose the only solution is to encrypt the data. Problem is >> that the >> SQLite on the device can't decrypt and even if it could it would be a >> different system than the one used on the desktop. The DB file is >> made on >> the desktop and then copied to the device and on the desktop I use >> Olaf >> Schmidt's VB wrapper dhRichClient and SQLite 3.6.1. The device app is >> developed with Basic4PPC and that is based on .Net and uses SQLite >> 3.3.12. >> Not sure there is an easy solution there without affecting the speed >> of the >> application. > > > http://www.hwaci.com/sw/sqlite/see.html is often used to meet HIPAA > requirements. SEE supports cross-platform databases. The key can be > entered using PRAGMAs so no new interfaces are needed in your > wrapper. All you need to do is replace the DLL. And by purchasing an > SEE license, you get the additional satisfaction of knowing that you > are helping to support the ongoing development and maintenance of > SQLite :-) > > > D. Richard Hipp > d...@hwaci.com > > > > ___ > sqlite-users mailing list > sqlite-users@sqlite.org > http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users > > > ___ > sqlite-users mailing list > sqlite-users@sqlite.org > http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users D. Richard Hipp d...@hwaci.com ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?
For some reason this mail went to the junk mail folder. That sounds good and I would be happy to buy this, but I am not sure about: > All you need to do is replace the DLL I have number of dll's: For the desktop: an ActiveX dll and a plain Windows dll. The ActiveX is used by my VBA/VB6 app and that ActiveX uses the plain Windows dll. These files are compiled by Olaf Schmidt. On the WM6 device: A .net dll System.Data.SQLite.DLL and a little Basic4PPC dll, SQLDevice.dll, which I think is also a .net dll. These files are compiled by Erel, the author of Basic4PPC. How would SEE fit in with all this? RBS -Original Message- From: sqlite-users-boun...@sqlite.org [mailto:sqlite-users-boun...@sqlite.org] On Behalf Of D. Richard Hipp Sent: 25 January 2009 19:40 To: General Discussion of SQLite Database Subject: Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock? On Jan 25, 2009, at 2:32 PM, RB Smissaert wrote: > Yes, you are right there. It won't be much good for anything else > then a > casual peek at the device. This is a clinical database, so it involves > patients, diagnoses, medications etc. The ID data and the clinical > data are > stored in different tables, but even then with a simple hex editor > it won't > be that difficult to match the 2 up. > So, I suppose the only solution is to encrypt the data. Problem is > that the > SQLite on the device can't decrypt and even if it could it would be a > different system than the one used on the desktop. The DB file is > made on > the desktop and then copied to the device and on the desktop I use > Olaf > Schmidt's VB wrapper dhRichClient and SQLite 3.6.1. The device app is > developed with Basic4PPC and that is based on .Net and uses SQLite > 3.3.12. > Not sure there is an easy solution there without affecting the speed > of the > application. http://www.hwaci.com/sw/sqlite/see.html is often used to meet HIPAA requirements. SEE supports cross-platform databases. The key can be entered using PRAGMAs so no new interfaces are needed in your wrapper. All you need to do is replace the DLL. And by purchasing an SEE license, you get the additional satisfaction of knowing that you are helping to support the ongoing development and maintenance of SQLite :-) D. Richard Hipp d...@hwaci.com ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?
Thanks for the suggestion. The problem is that I use 2 different wrappers, one for the desktop and one for the device. Possibly, somehow it would be possible to add SSE to the desktop wrapper, but it will be very difficult to get it added to the device wrapper as I have no control over that. Will bear this option in mind though. RBS -Original Message- From: sqlite-users-boun...@sqlite.org [mailto:sqlite-users-boun...@sqlite.org] On Behalf Of Kees Nuyt Sent: 25 January 2009 20:08 To: sqlite-users@sqlite.org Subject: Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock? On Sun, 25 Jan 2009 18:29:28 -, "RB Smissaert" wrote in General Discussion of SQLite Database : >Would it be possible to make a SQLite file un-usable by overwriting bytes in >certain places and then (via an encrypted password) make the file usable >again by putting the right bytes back in the right places? >I use a VB wrapper that can encrypt the database, but I am using this SQLite >file on a Windows Mobile device and the SQLite wrapper used there can't do >that. >I can do this quite easy by picking some fixed bytes at the beginning of the >file, but it then is too easy to pick this up by comparing with a normal >SQLite file. So, maybe I need to overwrite sqlite_master, but will it be >possible to always find the start and end of that part of the file? >Thanks for any ideas about this. > >RBS If the security is important to you, it might be worth to invest in SEE, the proprietary, licenced, SQLite Encryption Extension: http://www.sqlite.org/support.html It makes sure only your application can access the database. -- ( Kees Nuyt ) c[_] ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?
On Sun, 25 Jan 2009 18:29:28 -, "RB Smissaert" wrote in General Discussion of SQLite Database : >Would it be possible to make a SQLite file un-usable by overwriting bytes in >certain places and then (via an encrypted password) make the file usable >again by putting the right bytes back in the right places? >I use a VB wrapper that can encrypt the database, but I am using this SQLite >file on a Windows Mobile device and the SQLite wrapper used there can't do >that. >I can do this quite easy by picking some fixed bytes at the beginning of the >file, but it then is too easy to pick this up by comparing with a normal >SQLite file. So, maybe I need to overwrite sqlite_master, but will it be >possible to always find the start and end of that part of the file? >Thanks for any ideas about this. > >RBS If the security is important to you, it might be worth to invest in SEE, the proprietary, licenced, SQLite Encryption Extension: http://www.sqlite.org/support.html It makes sure only your application can access the database. -- ( Kees Nuyt ) c[_] ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?
On Jan 25, 2009, at 2:32 PM, RB Smissaert wrote: > Yes, you are right there. It won't be much good for anything else > then a > casual peek at the device. This is a clinical database, so it involves > patients, diagnoses, medications etc. The ID data and the clinical > data are > stored in different tables, but even then with a simple hex editor > it won't > be that difficult to match the 2 up. > So, I suppose the only solution is to encrypt the data. Problem is > that the > SQLite on the device can't decrypt and even if it could it would be a > different system than the one used on the desktop. The DB file is > made on > the desktop and then copied to the device and on the desktop I use > Olaf > Schmidt's VB wrapper dhRichClient and SQLite 3.6.1. The device app is > developed with Basic4PPC and that is based on .Net and uses SQLite > 3.3.12. > Not sure there is an easy solution there without affecting the speed > of the > application. http://www.hwaci.com/sw/sqlite/see.html is often used to meet HIPAA requirements. SEE supports cross-platform databases. The key can be entered using PRAGMAs so no new interfaces are needed in your wrapper. All you need to do is replace the DLL. And by purchasing an SEE license, you get the additional satisfaction of knowing that you are helping to support the ongoing development and maintenance of SQLite :-) D. Richard Hipp d...@hwaci.com ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?
Yes, you are right there. It won't be much good for anything else then a casual peek at the device. This is a clinical database, so it involves patients, diagnoses, medications etc. The ID data and the clinical data are stored in different tables, but even then with a simple hex editor it won't be that difficult to match the 2 up. So, I suppose the only solution is to encrypt the data. Problem is that the SQLite on the device can't decrypt and even if it could it would be a different system than the one used on the desktop. The DB file is made on the desktop and then copied to the device and on the desktop I use Olaf Schmidt's VB wrapper dhRichClient and SQLite 3.6.1. The device app is developed with Basic4PPC and that is based on .Net and uses SQLite 3.3.12. Not sure there is an easy solution there without affecting the speed of the application. RBS -Original Message- From: sqlite-users-boun...@sqlite.org [mailto:sqlite-users-boun...@sqlite.org] On Behalf Of Jay A. Kreibich Sent: 25 January 2009 18:48 To: General Discussion of SQLite Database Subject: Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock? On Sun, Jan 25, 2009 at 06:29:28PM -, RB Smissaert scratched on the wall: > Would it be possible to make a SQLite file un-usable by overwriting bytes in > certain places and then (via an encrypted password) make the file usable > again by putting the right bytes back in the right places? > I use a VB wrapper that can encrypt the database, but I am using this SQLite > file on a Windows Mobile device and the SQLite wrapper used there can't do > that. > I can do this quite easy by picking some fixed bytes at the beginning of the > file, but it then is too easy to pick this up by comparing with a normal > SQLite file. So, maybe I need to overwrite sqlite_master, but will it be > possible to always find the start and end of that part of the file? > Thanks for any ideas about this. To what end? What are you trying to protect against? If the database has sensitive information, especially strings, much of it can be recovered by simply dumping the database file with a hex-editor. Simply making the file unreadable by the SQLite library provides only the bare minimum of protection. If all you want to do is prevent the casual user from browsing the file, then I suppose this will work. Although your indication of scrambling the first few bytes as being "too easy" to fix seems to indicate you're after something stronger. If you really need to protect the data, you need to protect the data itself, not the access mechanism. You either need to re-write the VFS to encrypt whole database pages, or you need to encrypt the data itself before it is stored into the database. -j -- Jay A. Kreibich < J A Y @ K R E I B I.C H > "Our opponent is an alien starship packed with atomic bombs. We have a protractor." "I'll go home and see if I can scrounge up a ruler and a piece of string." --from Anathem by Neal Stephenson ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] Lock SQLite file by overwriting bytes and then un-lock?
On Sun, Jan 25, 2009 at 06:29:28PM -, RB Smissaert scratched on the wall: > Would it be possible to make a SQLite file un-usable by overwriting bytes in > certain places and then (via an encrypted password) make the file usable > again by putting the right bytes back in the right places? > I use a VB wrapper that can encrypt the database, but I am using this SQLite > file on a Windows Mobile device and the SQLite wrapper used there can't do > that. > I can do this quite easy by picking some fixed bytes at the beginning of the > file, but it then is too easy to pick this up by comparing with a normal > SQLite file. So, maybe I need to overwrite sqlite_master, but will it be > possible to always find the start and end of that part of the file? > Thanks for any ideas about this. To what end? What are you trying to protect against? If the database has sensitive information, especially strings, much of it can be recovered by simply dumping the database file with a hex-editor. Simply making the file unreadable by the SQLite library provides only the bare minimum of protection. If all you want to do is prevent the casual user from browsing the file, then I suppose this will work. Although your indication of scrambling the first few bytes as being "too easy" to fix seems to indicate you're after something stronger. If you really need to protect the data, you need to protect the data itself, not the access mechanism. You either need to re-write the VFS to encrypt whole database pages, or you need to encrypt the data itself before it is stored into the database. -j -- Jay A. Kreibich < J A Y @ K R E I B I.C H > "Our opponent is an alien starship packed with atomic bombs. We have a protractor." "I'll go home and see if I can scrounge up a ruler and a piece of string." --from Anathem by Neal Stephenson ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
[sqlite] Lock SQLite file by overwriting bytes and then un-lock?
Would it be possible to make a SQLite file un-usable by overwriting bytes in certain places and then (via an encrypted password) make the file usable again by putting the right bytes back in the right places? I use a VB wrapper that can encrypt the database, but I am using this SQLite file on a Windows Mobile device and the SQLite wrapper used there can't do that. I can do this quite easy by picking some fixed bytes at the beginning of the file, but it then is too easy to pick this up by comparing with a normal SQLite file. So, maybe I need to overwrite sqlite_master, but will it be possible to always find the start and end of that part of the file? Thanks for any ideas about this. RBS ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users