On 12 Feb 2013, at 3:24pm, Stephen Chrzanowski <pontia...@gmail.com> wrote:
> If you have a kind of information that you want to protect the user from > getting access to, this is *NOT* the proper manor of doing so. This will > make it more interesting for an (ab)user to get to the file, however, > anyone with sufficient rights can just take ownership of the file, change > the file permissions, and still gain access to the file. Right. Even if reading the raw database file is no help, if you use encryption at the field level all they need to do is use a SQLite utility to replace the encrypted password for an admin account with the encrypted password from their own account. If you want to prevent users from getting at the database file as a file, put the database file somewhere where they can't see it at all, and use a server to feed them the data from it. That's your only protection. Simon. _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
