On 9/7/2017 2:32 PM, Jens Alfke wrote:
> On Sep 7, 2017, at 10:24 AM, Igor Tandetnik <i...@tandetnik.org> wrote:
>
>> "Device will refuse to install" is precisely an instance of "security built in at
>> the OS level".
>
> Yes, but that's beside the point; it wasn't the relevant part of the example.
> Any software, privileged or not, can verify the signature and detect whether
> the binary has been modified. That's what the OP wants.

It might be difficult to keep the private key secret. A technician that has 
direct access to the SQLite database file probably also has access to the binary 
used to manipulate it; and that binary would need the private key lying around 
someplace accessible.

Basically, if you can't trust your own admin personnel, you'd need a kind of 
military-grade security a la NSA post-Snowden, e.g. requiring two separate 
people to authenticate before access is granted. That gets pretty expensive 
pretty quickly.
Igor Tandetnik

sqlite-users mailing list
