The .NET provider uses RC4 encryption. The entire file is encrypted, including the metadata. SQLite (the engine) may store unencrypted pages in its internal cache, but I don't really know for sure.
The bottom line is that nothing is safe from a hacker who has your binaries and database on his/her computer and is determined to read your data. It is impossible to write an unhackable program that is designed to run on a local computer. Anytime a hacker has access to a debugger and locally-running code, you are vulnerable in some fashion or another.

One could write a very simple MITM (Man in the middle) attack by renaming the sqlite DLL to something else and writing their own DLL that provides all the same exports. Heck, SQLite being open-source, one can just as easily recompile it and put their own debugging code in it and trace all the calls in and out. The best you can hope for is to eliminate the casual prying eyes. You can't shut out a determined hacker.

-----Original Message-----
From: sqlite-users-boun...@sqlite.org [mailto:sqlite-users-boun...@sqlite.org] On Behalf Of Ram G
Sent: Tuesday, July 28, 2009 1:33 PM
To: sqlite-users@sqlite.org
Subject: [sqlite] How secure is encrypted sqlite database

Hi,

I have modified (credit goes to System.Data.SQLite) the SQLite library to encrypt the database. The file is encrypted and data insert/update/retrieval works fine. The question I have is, how secure is the encrypted database?

Please correct me if I am wrong: SQLite reads the file and stores some of the data pages in memory. In the case of an encrypted database, is the data cached in memory pages encrypted or clear text?

Thanks in advance.

_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
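
Added example, not part of the original thread and not code from System.Data.SQLite: a way to check what an on-disk database file reveals to someone who holds the file but not the key, which is what "the entire file is encrypted, including the metadata" means in practice. Assumptions: `rc4` is textbook RC4 applied over the whole file as a stand-in (the provider's real keying and page handling are not reproduced), and the `accounts` table, its rows and the key are constructed sample data.

```python
import collections, math, os, sqlite3, tempfile

MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every plaintext SQLite file

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4, used only as a stand-in cipher for this demonstration."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:  # keystream generation XORed with the input
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (close to 8.0 looks random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in collections.Counter(data).values())

def inspect(image: bytes) -> dict:
    """Report what is visible in the raw file without any key."""
    return {
        "sqlite_header": image.startswith(MAGIC),
        "schema_visible": b"CREATE TABLE" in image,  # schema SQL is stored as text
        "entropy": round(entropy(image), 2),
    }

def build_sample_db() -> bytes:
    """Create a small constructed database and return its raw file bytes."""
    path = os.path.join(tempfile.mkdtemp(), "sample.db")
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, secret TEXT)")
    con.executemany("INSERT INTO accounts (secret) VALUES (?)",
                    [(f"constructed-secret-{n}",) for n in range(200)])
    con.commit()
    con.close()
    with open(path, "rb") as fh:
        return fh.read()

if __name__ == "__main__":
    plain = build_sample_db()
    print("plaintext:", inspect(plain))
    print("encrypted:", inspect(rc4(b"constructed-key", plain)))
```

This only inspects the file at rest; it says nothing about pages held in the process's memory, which is the open question in the thread.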