On Sun, Jan 25, 2009 at 06:29:28PM -0000, RB Smissaert scratched on the wall: > Would it be possible to make a SQLite file un-usable by overwriting bytes in > certain places and then (via an encrypted password) make the file usable > again by putting the right bytes back in the right places? > I use a VB wrapper that can encrypt the database, but I am using this SQLite > file on a Windows Mobile device and the SQLite wrapper used there can't do > that. > I can do this quite easy by picking some fixed bytes at the beginning of the > file, but it then is too easy to pick this up by comparing with a normal > SQLite file. So, maybe I need to overwrite sqlite_master, but will it be > possible to always find the start and end of that part of the file? > Thanks for any ideas about this.
To what end? What are you trying to protect against? If the database has sensitive information, especially strings, much of it can be recovered by simply dumping the database file with a hex-editor. Simply making the file unreadable by the SQLite library provides only the bare minimum of protection. If all you want to do is prevent the casual user from browsing the file, then I suppose this will work. Although your indication of scrambling the first few bytes as being "too easy" to fix seems to indicate you're after something stronger. If you really need to protect the data, you need to protect the data itself, not the access mechanism. You either need to re-write the VFS to encrypt whole database pages, or you need to encrypt the data itself before it is stored into the database. -j -- Jay A. Kreibich < J A Y @ K R E I B I.C H > "Our opponent is an alien starship packed with atomic bombs. We have a protractor." "I'll go home and see if I can scrounge up a ruler and a piece of string." --from Anathem by Neal Stephenson _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users