-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lauri Ojansivu wrote: > Another option is to buy Molebox that encrypts vb exe, sqlite database > and other files to single packed exe where reading sqlite database > from encrypted exe works like it was in same directory without any > encryption, and database is not extracted to disk in any phase.
A better question for the original poster is how much would you want a bad guy to have to spend (time, tools, expertise) in order to get the contents of your database. If you just want to obfuscate things then you can write your own vfs that knows how to unobfuscate the data (doing something as trivial as xorring each page with a different value would be sufficient). It would cost the bad guy up to a few hundred dollars (mostly time). If you have used something like Molebox then it will cost them a few thousand if it hasn't been cracked already in which case it is back to a few hundred. Remember they have all the time in the world to do this (eg they can take two years - will a two year old version of the database be useful to bad guys?). But most of those products are cracked since they product multiple other people's products so cracking the scheme itself gets you multiple results. A quick google shows that Molebox itself has been cracked, serial keygenned etc to various degrees. To get beyond this point you can only do so by offering the data as an online service (ie authenticating each request and limiting the response) or having complete hardware control over the environment in which the program is done. (The encryption keys and code have to exist on the machine at some point so a determined cracker can get them.) In general the way this whole problem is normally solved is by treating your customers well, offering good value, spending the money you would have spent on these harebrained schemes on making a better product, having frequent updates, being a leader in your product space etc. Roger -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIDxD0mOOfHg372QQRAjKNAJ9yyt/QSckGZsj5I1Q1XsEnQx+jPgCdGSMO yHaTmJYqsQzu0K2oQJBLzQ8= =Z37t -----END PGP SIGNATURE----- _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
