Re: [sqlite] Fwd: How to prevent View sqlite database structure and contents from database browsers

2013-02-12 Thread Stephen Chrzanowski
Being a windows developer myself, I've never really looked into locking
down an application at the file level, however, here are a couple things
that you can look into.

You can create a user from the command line.  Instructions here:
http://www.itechtalk.com/thread16618.html
(google: create user command line)

You can probably skip on setting the user as an administrator, however,
this will become pretty key as, again from the command line, you can set
file permissions on your database so that this new user has access to the
file only.
http://www.techrepublic.com/article/use-caclsexe-to-view-and-manage-windows-acls/1050976
(google: windows cacls)

In whatever language you're running, you SHOULD be able to access a file as
that new user.  Take for instance
http://www.djekldevelopments.co.uk/microsoft-visual-basic-net-programmers-cookbook/source/6797final/lib0319.html
(google: windows api run program as different user)

But PLEASE take heed;

If you have a kind of information that you want to protect the user from
getting access to, this is *NOT* the proper manner of doing so.  This will
make it more interesting for an (ab)user to get to the file, however,
anyone with sufficient rights can just take ownership of the file, change
the file permissions, and still gain access to the file.  In reality,
SQLite PROBABLY isn't the right answer for you to begin with since you DO
want to lock down the access.

But then again, you also need to decide at what level you want to protect
the data.  If you're looking for a total, 100% secure method of protecting
your data, you manage it in-house, and your clients access it remotely, or
in my case where I work, the customer buys the machines to our
specifications, we install our software on them in our office, ship them
off after some burn in time, and then we manage them remotely, and the user
has zero access to the machine aside from what we provide them with our
software.


On Mon, Feb 11, 2013 at 7:03 AM, Robert Hairgrove wrote:

> On Mon, 2013-02-11 at 11:04 +, SR Volatile wrote:
> > Is there any option to encrypt fields in a table when creating it?
>
> There is the SQLite Encryption Extension (SEE):
> http://www.hwaci.com/sw/sqlite/see.html
>
> It is not free. But it looks like it does a pretty good job (I never
> used it myself).
>
> Other than that, you can encrypt/decrypt the data in your application
> using some 3rd party encryption software. Depending on your security
> needs, please be aware that no encryption mechanism is 100% safe, and to
> achieve an adequate level of security through encryption is anything but
> trivial.
>
> Of course, my suggestion to make the file read-only does not prohibit
> users from reading the data, only from editing it. You'd have to deny
> read AND write access to any users except for those using the database
> to prevent all prying eyes.
>
> Although setting up such permissions is fairly straightforward on a *nix
> system, I believe that more recent versions of Windows allow user-level
> permissions as well.
>
> And I still think this is probably the best way to go with any
> file-based RDBMS because once the file-system security is breached, the
> database file can be copied and a dedicated intruder can hack away at
> leisure to remove whatever encryption there is.
___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users


Re: [sqlite] Fwd: How to prevent View sqlite database structure and contents from database browsers

2013-02-09 Thread Stephen Chrzanowski
SQLite has no knowledge of users or password protection.  Unlike MSSQL or
MySQL or Oracle, you don't log into the database with a username and
password, and there is no real DBMS to handle permissions.  Filesystem
level locking is pretty much the closest thing you're going to get to
protecting the data within.

I'd suggest encryption to at least block people from getting access to the
file content, however, once the encryption is broken, R/W access will be
permitted.  If you want a total "black box" scenario, this is probably
going to be your best bet.  If you want to block write access, you could
create a new user account, give RW permissions to that user, then give just
R access to everyone else.


Re: [sqlite] Fwd: How to prevent View sqlite database structure and contents from database browsers

2013-02-08 Thread Kees Nuyt
On Fri, 08 Feb 2013 19:46:49 +0100, Kees Nuyt wrote:

> ... to black access ...


... to block access ...

Note to self: proofread thoroughly.

-- 
Groet, Cordialement, Pozdrawiam, Regards,

Kees Nuyt



Re: [sqlite] Fwd: How to prevent View sqlite database structure and contents from database browsers

2013-02-08 Thread Kees Nuyt
On Fri, 08 Feb 2013 14:20:20 +0100, Robert Hairgrove wrote:

>On Fri, 2013-02-08 at 13:13 +, SR Volatile wrote:
>> Dear Sir/Madam,
>> 
>> I am using Sqlite for my project. Currently, Sqlite database browser is able
>> to view / edit sqlite database structure and content. As part of my
>> project, I don't want anybody to view/edit the database contents from any
>> database browsers.
>> Could you please suggest how I can achieve this?
>
>Since an SQLite database is a file, you could just set the file system
>privileges to read-only.

That would prevent write access for the application.

Depending on the circumstances, it might be possible to use ACL or
user:group ownership and account/group/other permissions to black access
to the database file for every user:group, except the application
user:group.

Another possibility is database encryption, in a way that only the
application can know the key. See http://sqlite.org/support.html

-- 
Groet, Cordialement, Pozdrawiam, Regards,

Kees Nuyt
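
Added example, not part of the original thread: the user:group ownership and permission approach from the message above, for a POSIX system, creating the database owner-only and auditing the file, its journal/WAL sidecar files and its directory. The function names and the `app.db` path are assumptions made for illustration.

```python
import os
import sqlite3
import stat
import tempfile

# Files SQLite may create beside the database (rollback journal, WAL, shared memory).
SIDECARS = ("", "-journal", "-wal", "-shm")


def create_private_db(path):
    """Create the file with mode 0600 before SQLite ever writes data to it."""
    fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_RDWR, 0o600)
    os.close(fd)
    os.chmod(path, 0o600)  # the umask can only remove bits; pin the exact mode
    return sqlite3.connect(path)


def audit_db_permissions(path):
    """Return findings; an empty list means only the owning account can reach the data."""
    findings = []
    parent = os.path.dirname(os.path.abspath(path))
    if stat.S_IMODE(os.stat(parent).st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{parent}: directory writable by group/other")
    for suffix in SIDECARS:
        candidate = path + suffix
        if not os.path.exists(candidate):
            continue
        st = os.stat(candidate)
        if st.st_uid != os.geteuid():
            findings.append(f"{candidate}: not owned by the application user")
        if stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{candidate}: accessible to group/other")
    return findings


def demo():
    """Constructed scenario: a private database, then the same file left world-readable."""
    with tempfile.TemporaryDirectory() as workdir:  # created with mode 0700
        db = os.path.join(workdir, "app.db")
        conn = create_private_db(db)
        conn.execute("CREATE TABLE secrets (v TEXT)")
        conn.commit()
        conn.close()
        clean = audit_db_permissions(db)
        os.chmod(db, 0o644)  # simulate a deployment that left read access open
        loose = audit_db_permissions(db)
        return clean, loose


if __name__ == "__main__":
    print(demo())
```

An application can run `audit_db_permissions` at startup and refuse to open the database when the list is not empty; it does not constrain root or any account able to take ownership of the file.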



Re: [sqlite] Fwd: How to prevent View sqlite database structure and contents from database browsers

2013-02-08 Thread Robert Hairgrove
On Fri, 2013-02-08 at 13:13 +, SR Volatile wrote:
> Dear Sir/Madam,
> 
> I am using Sqlite for my project. Currently, Sqlite database browser is able
> to view / edit sqlite database structure and content. As part of my
> project, I don't want anybody to view/edit the database contents from any
> database browsers.
> Could you please suggest how I can achieve this?

Since an SQLite database is a file, you could just set the file system
privileges to read-only.



[sqlite] Fwd: How to prevent View sqlite database structure and contents from database browsers

2013-02-08 Thread SR Volatile
Dear Sir/Madam,

I am using Sqlite for my project. Currently, Sqlite database browser is able
to view / edit sqlite database structure and content. As part of my
project, I don't want anybody to view/edit the database contents from any
database browsers.
Could you please suggest how I can achieve this?

Thanks in advance and looking forward to hearing from you.

Sincerely,