On 31 Oct 2011, at 8:07am, Eugene N wrote:

> For your .NET application to use the DB, it must first decrypt it; That
> means, storing the plain version in ram; A memory dump will pronto show the
> contents of this sqlite database;

Physical possession of the hardware concerned is always an end to encryption 
methods.  Once they've got the computer it's just a question of how much time 
and effort they want to spend figuring out where you put the password.  That's one 
reason so many systems have just thin clients on your user's hardware and do 
all the secure stuff on a server back in headquarters.

Igor's approach is as good as any: use a password that doesn't look like a text 
string.  You can also introduce an additional step of scrambling the password 
you store in some way, so a cracker doesn't spot a mystery string in a 
configuration file and say "Well, I guess that's the password in plaintext.".

Simon.
_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
