On 9/7/2017 1:16 PM, Jens Alfke wrote:
On Sep 7, 2017, at 10:06 AM, Simon Slavin <slav...@bigfraud.org> wrote:

In that case any solution implemented entirely within SQLite is insecure 
because the admins can simply replace the entire file.  Or use a hex editor to 
replace the checksum values.  In cases like this the security the OP is asking 
for has to be built in at the OS level.

No, there are plenty of high level ways of tamper-proofing files. See my 
initial response.

(For example, Apple and Google use digital signatures to tamper-proof 
applications distributed through their app stores. Any modification to the app 
binary invalidates the signature, and the device will refuse to install or 
launch it.)

"Device will refuse to install" is precisely an instance of "security built in at 
the OS level".
Igor Tandetnik

sqlite-users mailing list

Reply via email to