I agree with that. However if I were writing such an application I would worry about folks copying the database and possibly rendering the database useless.
There are a few things that I would recommend. To keep others from reading the database you will have to write some sort of encryption routine into your application that uses a symmetric key - I would recommend something that uses AES since this is the adopted standard, however there are plenty of reasonable encryption routines available in the public domain. Either the user has to type a password to unlock the key and decrypt the database or you will have to store the key in a hash file that is read when the application is open. I recommend that you get a copy of "Applied Cryptography" by Bruce Schneier for more information on this subject. This will not prevent anyone from opening the encrypted database, however, so you have to take care that your NTFS file permissions grant access to only those authorized to access the database. Otherwise you would subject the database to denial of service attacks by means of editing the encrypted database and possibly corrupting it. Bear in mind that no security controls are foolproof. If someone really wants access, they are going to get it. All you are trying to do is make it costly for potential attackers to access your data to a point where they consider that the cost outweighs the value. Timothy A. Sawyer, CISSP Managing Director MBD Solutions Phone: (603) 546-7132 Web: http://www.mybowlingdiary.com Email: [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, November 20, 2008 2:17 AM To: sqlite-users@sqlite.org Subject: Re: [sqlite] SQLite file security I think the question by the original poster was about data security and not file security. He probably does not mind if the file is copied, but the data should be decipherable only by his application. -Shibu -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kees Nuyt Sent: Thursday, November 20, 2008 2:17 AM To: General Discussion of SQLite Database Subject: Re: [sqlite] SQLite file security On Wed, 19 Nov 2008 12:31:22 +0530, "Satish" <[EMAIL PROTECTED]> wrote in General Discussion of SQLite Database <sqlite-users@sqlite.org>: >Hi! > > > > I am basically a windows application developer. I am developing an >application for desktop which uses a database. I choose SQLite as my >database and my issue is if any one finds my application is using SQLite >database they can corrupt my database or they can see the contents of my >database using a program(they can open my SQLite file). The SQLite database is a normal file. The only thing that can protect it is the security the Windows filesystem offers. With NTFS, you have fine grained control over file access. > Now my question is how I can provide security to my database for >example no one can access my database except my application .how can I >provide security > >Plz provide me best solution to provide security to my database without any >Data loss. Use ACL. Run the application in an account that has access to the file, Refuse access to all other accounts. >Regards, > >Satish.G -- ( Kees Nuyt ) c[_] _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users DISCLAIMER: This message contains privileged and confidential information and is intended only for an individual named. If you are not the intended recipient, you should not disseminate, distribute, store, print, copy or deliver this message. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete or contain viruses. The sender, therefore, does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required, please request a hard-copy version. _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
