"Jay A. Kreibich" <[email protected]> writes: > On Sat, Jul 31, 2010 at 01:12:36PM -0400, Nikolaus Rath scratched on the wall: >> >> When tracing down bugs in an application that uses SQLite, I have >> repeatedly faced the problem that I wanted to send (or get) a copy of >> the sqlite database without disclosing potentially sensitive contents. >> >> I think it would be fantastic if SQLite had a build-in crypt() function, >> so that I could simply copy the database and then do >> >> UPDATE my_secret_contacts SET name=crypt(name, 'bz'), phone=crypt(phone, >> 'za'); >> >> i.e., scramble all the information but keep the structure intact. > > I would forget the hash all together. Just assign random data. > > If you know the columns do NOT have duplicate values, or you don't > care about matching rows, this is trivial: > > UPDATE my_secret_contacts SET name = hex( randomblob( 16 ) ), > phone = hex( randomblob( 16 ) );
Oh, that's interesting. I considered that at the beginning, but I never tried it because I assumed that randomblob() would be evaluated only once and it would set all rows to the same value. Does that mean that if I execute UPDATE bla SET number = 1+1; SQLite will calculate 1+1 again and again for every row in the table? Anyway, especially with keeping the mapping table this seems like a much better solution than the hash function. Thanks! >> Therefore I was wondering what the opinions are about including a >> crypt() function in SQLite itself. Is that a sensible idea or nonsense? > > If this was to go into the core, you would want cross-platform, > cross-OS compatibility, which means putting the actual hash function > itself into SQLite, and not depending on a system library call. > So you'd be shipping crypto code. Because the SQLite project is located > in the United States, that's going to get very messy, from a legal > standpoint, especially with SQLite's not-a-license distribution. That's a good enough reason indeed. Thanks for clarifying. Best, -Nikolaus -- »Time flies like an arrow, fruit flies like a Banana.« PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C _______________________________________________ sqlite-users mailing list [email protected] http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
