Announcement

Collapse
No announcement yet.

SC + SQLite security

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • SC + SQLite security

    I would like to ask any of you who developed any Apps for SQLite how secure the project is. I'm interested in an aspect of user hacking the project and logging into it. Another words, say I have an App that I want user to pay for to use. The App or Project is downloadable on-line, then user can just install it locally. How easy OR hard would be to break into the project to login ?
    I know it partially comes to how secure SQLite is but I'm not sure how / where SC project stores any secure data for connection to SQLite. Any tips appreciated.

    ARTHUR
    -----------------------------------------
    Arthur Klisiewicz
    dATA POINT SOFTWARE
    www.datapointsoftware.com

  • #2
    Can't answer the question in full, but regarding SQLite, this database is what it's name says: lite. It has no security at all although there are versions that encrypt the data. But SQLite has no user control like MySQL, and it is not multiuser. The reason why it works in PHP is that the database is access in a sequential way. I have created Delphi components for SQLite, and I was amazed about the low footprint, speed and ease of use. But with disadvantages.
    Albert Drent
    aducom software netherlands
    scriptcase partner, reseller, support and (turn-key) development
    www.scriptcase.eu / www.scriptcase.nl

    Comment


    • #3
      Have you ever tried to change the file access rights ? I was thinking is I give dB file DA (Denied Access) for all users except the system then they only way to open the file would be through App, but not sure if I'm right (?)

      I'm thinking of some way of having locacl data on PC or mobile device (with no i-net connection), then Sync'in the data with remove SQL/MySQL server. Just looking for solution, so I thought using SQLite would work if the direct access to SQLite file is somehow protected and user can only access data from SC App.
      -----------------------------------------
      Arthur Klisiewicz
      dATA POINT SOFTWARE
      www.datapointsoftware.com

      Comment


      • #4
        What do you want, protect information inside database or protect copying your App?
        /Giuseppe

        Professional Scriptcase Services
        Some Customers opinions

        Comment


        • #5
          I do not need an App protection, just the deta in the database. I also do not need a user level security. It is enough for me to protec the database file from opening and altering data by any utility etc. Another words I want the file to be accessible only through my App. The idea is to keep SC App locall on the PC and do the updates with remote MySQL server (when needed, or when the connection is present). Not sure how this would work in reality but this is the concept. If you or anybody has a better idea to keep off-line data on the PC and sync it with remote server - I would be happy to hear your solution.

          Arthur
          -----------------------------------------
          Arthur Klisiewicz
          dATA POINT SOFTWARE
          www.datapointsoftware.com

          Comment


          • #6
            The question is: How can one connect to an encrypted SQLite database from ScriptCase? When specifying a database connection there does not seem to be any way of specifying encryption keys for access.

            This stackoverflow article provides several solutions for SQLite database encryption: http://stackoverflow.com/questions/5...ord-protection

            I have not studied them in detail. However, just looking briefly at SQLite's own module (http://www.hwaci.com/sw/sqlite/see.html), it would seem that they require a database connection using the C API so that a special method can called with the key to open up the database. My guess is that the other solutions require a similar direct C API access.

            There would be no problem programming a desktop application using the SQLite Native C API. But developing in ScriptCase, their built in database connection object has to be used, and I do not off the top of my head see how one would combine the SC connection with a native C API access. I think it may require ScriptCase to build the encryption access into their tool, but I would be happy to be proven wrong.
            Best regards,

            Frank

            Comment


            • #7
              Thakns Orion, but I'm not sure why would I need to use API ? I simply think about creating and App with 2 connections.
              1-SQLite (localhost)
              2-MySQL. (remote IP

              Now, what I need to do is to exchange records between the two. I'm just wondering if anybody has used such configuration ?

              Another alteration of this same schema would be exchanging it between 2 SQL databases (one local and one remote), but this for local uer would be much more complex to install and configure initally
              -----------------------------------------
              Arthur Klisiewicz
              dATA POINT SOFTWARE
              www.datapointsoftware.com

              Comment


              • #8
                but I'm not sure why would I need to use API
                Because is the only way to encrypt an sqlite database
                /Giuseppe

                Professional Scriptcase Services
                Some Customers opinions

                Comment


                • #9
                  I do not need to encrypt it. I just need a user based access. I also to not need multiple users, single admin would be enough. Well perhaps I should do some research on SQLite forums.
                  -----------------------------------------
                  Arthur Klisiewicz
                  dATA POINT SOFTWARE
                  www.datapointsoftware.com

                  Comment

                  Working...
                  X