PI> If someone was ambitious enough they could attach a debugger to your
PI> application, extract the key used to decrypt the database and obtain all
PI> the sensitive information you have. So if you really want to protect
PI> your database against those who are able to attach a debugger you
PI> shouldn't use SQLite.
PI>
PI> Pavel

This is the key. It depends on how secure you need it to be. If it really needs to be secure then having the encryption key in memory or in the application means it's not all that secure. This isn't a limitation of SQLite though. It's a limitation of running a program on someone else's hardware.

You could encrypt the SQL and then decrypt it right before usage, then clear it from memory. Won't stop a debugger, but it will stop them from pulling the strings out of your application directly.

_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
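The decrypt-right-before-use-then-clear pattern from the reply above, as an added example that is not part of the original thread or of SQLite. The single-byte XOR mask is a constructed stand-in for whatever cipher is used, and `run_masked_sql`, `copy_runner` and the sample statement are hypothetical names and data.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: "SELECT v FROM t;" XORed with MASK ahead of time, so
 * the statement text never appears in the binary's string table. */
#define MASK 0x5A
static const unsigned char SQL_BLOB[] = {
    0x09, 0x1F, 0x16, 0x1F, 0x19, 0x0E, 0x7A, 0x2C,
    0x7A, 0x1C, 0x08, 0x15, 0x17, 0x7A, 0x2E, 0x61 };

typedef int (*sql_runner)(const char *sql, void *ctx);

/* Zero through a volatile pointer so the stores are not optimised away. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

static int is_zero(const void *p, size_t n) {
    const unsigned char *b = (const unsigned char *)p;
    for (size_t i = 0; i < n; i++) if (b[i]) return 0;
    return 1;
}

/* Unmask into scratch, run, then wipe scratch whatever the runner returned.
 * Returns the runner's result, or -1 if scratch cannot hold the statement. */
static int run_masked_sql(const unsigned char *blob, size_t len,
                          char *scratch, size_t cap,
                          sql_runner run, void *ctx) {
    if (len + 1 > cap) return -1;
    for (size_t i = 0; i < len; i++) scratch[i] = (char)(blob[i] ^ MASK);
    scratch[len] = '\0';
    int rc = run(scratch, ctx);
    wipe(scratch, cap);
    return rc;
}

/* Hypothetical stand-in for the database call. It copies the statement into
 * ctx (at least 64 bytes) only so the demo can show what was executed; a
 * real runner would pass it to the database and keep no copy. */
static int copy_runner(const char *sql, void *ctx) {
    strncpy((char *)ctx, sql, 63);
    ((char *)ctx)[63] = '\0';
    return 0;
}

int main(void) {
    char scratch[64], seen[64];
    int rc = run_masked_sql(SQL_BLOB, sizeof SQL_BLOB, scratch, sizeof scratch,
                            copy_runner, seen);
    printf("rc=%d ran=\"%s\" wiped=%d\n", rc, seen, is_zero(scratch, sizeof scratch));
    return 0;
}
```

The plaintext exists only between the unmasking loop and `wipe`, which is the window a debugger can still observe, as both messages point out.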