No announcement yet.

SC + SQLite security

  • Filter
  • Time
  • Show
Clear All
new posts

  • SC + SQLite security

    I would like to ask any of you who developed any Apps for SQLite how secure the project is. I'm interested in an aspect of user hacking the project and logging into it. Another words, say I have an App that I want user to pay for to use. The App or Project is downloadable on-line, then user can just install it locally. How easy OR hard would be to break into the project to login ?
    I know it partially comes to how secure SQLite is but I'm not sure how / where SC project stores any secure data for connection to SQLite. Any tips appreciated.


  • #2
    Can't answer the question in full, but regarding SQLite, this database is what it's name says: lite. It has no security at all although there are versions that encrypt the data. But SQLite has no user control like MySQL, and it is not multiuser. The reason why it works in PHP is that the database is access in a sequential way. I have created Delphi components for SQLite, and I was amazed about the low footprint, speed and ease of use. But with disadvantages.
    Albert Drent
    aducom software netherlands
    scriptcase partner, reseller, support and (turn-key) development /


    • #3
      Have you ever tried to change the file access rights ? I was thinking is I give dB file DA (Denied Access) for all users except the system then they only way to open the file would be through App, but not sure if I'm right (?)

      I'm thinking of some way of having locacl data on PC or mobile device (with no i-net connection), then Sync'in the data with remove SQL/MySQL server. Just looking for solution, so I thought using SQLite would work if the direct access to SQLite file is somehow protected and user can only access data from SC App.


      • #4
        What do you want, protect information inside database or protect copying your App?

        Professional Scriptcase Services
        Some Customers opinions


        • #5
          I do not need an App protection, just the deta in the database. I also do not need a user level security. It is enough for me to protec the database file from opening and altering data by any utility etc. Another words I want the file to be accessible only through my App. The idea is to keep SC App locall on the PC and do the updates with remote MySQL server (when needed, or when the connection is present). Not sure how this would work in reality but this is the concept. If you or anybody has a better idea to keep off-line data on the PC and sync it with remote server - I would be happy to hear your solution.



          • #6
            The question is: How can one connect to an encrypted SQLite database from ScriptCase? When specifying a database connection there does not seem to be any way of specifying encryption keys for access.

            This stackoverflow article provides several solutions for SQLite database encryption:

            I have not studied them in detail. However, just looking briefly at SQLite's own module (, it would seem that they require a database connection using the C API so that a special method can called with the key to open up the database. My guess is that the other solutions require a similar direct C API access.

            There would be no problem programming a desktop application using the SQLite Native C API. But developing in ScriptCase, their built in database connection object has to be used, and I do not off the top of my head see how one would combine the SC connection with a native C API access. I think it may require ScriptCase to build the encryption access into their tool, but I would be happy to be proven wrong.
            Best regards,



            • #7
              Thakns Orion, but I'm not sure why would I need to use API ? I simply think about creating and App with 2 connections.
              1-SQLite (localhost)
              2-MySQL. (remote IP

              Now, what I need to do is to exchange records between the two. I'm just wondering if anybody has used such configuration ?

              Another alteration of this same schema would be exchanging it between 2 SQL databases (one local and one remote), but this for local uer would be much more complex to install and configure initally


              • #8
                but I'm not sure why would I need to use API
                Because is the only way to encrypt an sqlite database

                Professional Scriptcase Services
                Some Customers opinions


                • #9
                  I do not need to encrypt it. I just need a user based access. I also to not need multiple users, single admin would be enough. Well perhaps I should do some research on SQLite forums.