Sqlite encyption

Creating desktop or client-server database solutions?

Moderators: Klaus, FourthWorld, heatherlaine, kevinmiller, robinmiller

n00b3
Posts: 9
Joined: Sun Oct 16, 2011 11:45 pm

Sqlite encyption

Post by n00b3 » Tue Oct 18, 2011 2:27 am

I am looking to create some database apps with livecode (Windows, Mac, Linux, iOS, Android).
I really like Sqlite that is included with livecode but I would like to have encryption of the databases (very important on all mobile devices).
I found SQLCipher which is open source (BSD license so it can be used with commercial applications).
It would require compiling in C with all 5 platforms (well beyond my capabilities).

Now the questions.
Has anyone seen this used with livecode?
Does any vendor sell this as a 3rd party lib for livecode?
If not how would I go about suggesting this to livecode (who would be the livecode contact)?

Maybe they could even sell it (as an add on),

Thanks for any help or suggestion.

BvG
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 1236
Joined: Sat Apr 08, 2006 1:10 pm
Location: Zurich
Contact:

Re: Sqlite encyption

Post by BvG » Tue Oct 18, 2011 10:35 am

If you want to pay for something like that, simply mail support@runrev.com with your offer, your favourite method, wether you'd accept any encryption approach (there's several, and they might prefer another one then you), amount you'd like to pay, etc. maybe also that you feel fine with them using any product in future releases of LC.
Various teststacks and stuff:
http://bjoernke.com

Chat with other RunRev developers:
chat.freenode.net:6666 #livecode

n00b3
Posts: 9
Joined: Sun Oct 16, 2011 11:45 pm

Re: Sqlite encyption

Post by n00b3 » Mon Oct 24, 2011 12:03 am

I took your advise and emailed request. The idea of a cross platform encrypted database is very appealing. Very good idea for mobile devices.

If I hear anything I will post here.

Cheers

n00b3
Posts: 9
Joined: Sun Oct 16, 2011 11:45 pm

Re: Sqlite encyption

Post by n00b3 » Tue Oct 25, 2011 12:10 am

No luck so far. Support emailed back about the LiveCode functions encrypt and decrypt but these are for text, not SQLite databases (unless you stored everything as text and encrypted each field before you saved a record to the database). You would still have the database schema visible so it would be fairly easy for some to figure out your encryption. Not to mention a whole lot of work to program each procedure that accessed the database. LiveCode is suppose to be faster and easier :wink: .

Cheers

wsamples
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 219
Joined: Mon May 18, 2009 4:12 am

Re: Sqlite encyption

Post by wsamples » Tue Oct 25, 2011 4:23 am

Perhaps it is their thought that you can encrypt the database file when you close it and decrypt it when you start using it. You would do your work normally, with the unencrypted file, and encrypt it as part of closing your application.

n00b3
Posts: 9
Joined: Sun Oct 16, 2011 11:45 pm

Re: Sqlite encyption

Post by n00b3 » Tue Oct 25, 2011 4:57 pm

wsamples,

That might be an idea worth trying. Does anyone know of any sample/example apps that use encrypt/decrypt?

Cheers

townsend
Livecode Opensource Backer
Livecode Opensource Backer
Posts: 430
Joined: Sun Feb 13, 2011 8:43 pm
Location: Seattle, USA

Re: Sqlite encyption

Post by townsend » Tue Oct 25, 2011 5:38 pm

While the file is open-- in it's un-encrypted state-- any SQLite management tool can open and access the file.

Unless-- IF if is possible to decrypt, access, and encrypt the SQLite file, all in memory. (??)

Here's a few encryption samples for you:
Base64.livecode
Blowfish.livecode
Blowfish-and-UTF-8.rev
Encryption-Made-Easy.rev
Attachments
encryption samples.zip
(44.31 KiB) Downloaded 356 times
Last edited by townsend on Thu Oct 27, 2011 12:36 am, edited 2 times in total.

wsamples
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 219
Joined: Mon May 18, 2009 4:12 am

Re: Sqlite encyption

Post by wsamples » Tue Oct 25, 2011 9:56 pm

With all due respect, townsend, if I am using a file on my computer it's not too likely anyone other than me is going to have an opportunity to access it with some software. While everyone has different security requirements, I would say that this seems like worrying more than is necessary.

townsend
Livecode Opensource Backer
Livecode Opensource Backer
Posts: 430
Joined: Sun Feb 13, 2011 8:43 pm
Location: Seattle, USA

Re: Sqlite encyption

Post by townsend » Tue Oct 25, 2011 11:59 pm

Good point-- if the SQLite file only exists in one place-- it's fairly safe.

I thought the SQLite file in question was to be distributed to users. At least that's how my scenario goes. I myself have been trying to figure out some work around until liveCode gets around to supporting SQLite encryption.

While SQLite does support virtual Tables, I doubt without encryption, even these would be safe from prying eyes. At this point, my thinking is: encrypt at the field level when necessary, AND use a checksum to prevent the record from being updated by a 3rd party. Well-- technically a checksum doesn't prevent the record from being updated, but it would be thrown out when read by my app, which is just as good.

As for leaving my file spec open, I see no way around that.

wsamples
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 219
Joined: Mon May 18, 2009 4:12 am

Re: Sqlite encyption

Post by wsamples » Wed Oct 26, 2011 2:16 am

I think we're talking about distributing the encrypted file which is then opened in a particular app which decrypts it for viewing and then encrypts it on close. I am guessing that we want to share data with a set of authorized users while preventing it from being exposed to others. That encrypted file is unreadable on any device, then, unless it's opened in the dedicated application.

dglass
Posts: 519
Joined: Thu Sep 24, 2009 9:10 pm
Location: California
Contact:

Re: Sqlite encyption

Post by dglass » Wed Oct 26, 2011 3:29 am

What RunRev needs to do is license the encryption extension. Real Software did it for Real Studio/Real BASIC so licensing for an IDE, and its users, by the developer of the IDE is not unprecedented.

http://www.hwaci.com/sw/sqlite/see.html

n00b3
Posts: 9
Joined: Sun Oct 16, 2011 11:45 pm

Re: Sqlite encyption

Post by n00b3 » Wed Oct 26, 2011 4:43 am

SEE is really nice. It would be awesome if LiveCode had it. I would gladly pay $149 for something like this. I am sure LiveCode would have no trouble getting a few dozen developers willing to pay for it (if not immediately then over the year). Encryption is critical for mobile devices (not just phones & tablets but laptops and netbooks too). This is a nice selling point for a mobile app. If you add simple password protection the user can feel reasonably secure even if the device is lost or stolen. In addition to protecting the data for customers that use the software it would also protect your schema from prying eyes as well.

I want something that is read/write encryption and something I can just initiate right at startup of the app and forget about until the app shuts down.

Cheers

BvG
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 1236
Joined: Sat Apr 08, 2006 1:10 pm
Location: Zurich
Contact:

Re: Sqlite encyption

Post by BvG » Wed Oct 26, 2011 2:14 pm

Maybe they assumed all you want is some sort of encryptione, as opposed to a specific feature that allows for sqlite to be used in an encrpyted way, all the time. I suggest to mail them again, and be more specific about your need, your understanding that some approaches exist, and that the approach you want does not exist, AND THAT YOU WANT TO KNOW WHAT IT COSTS TO IMPLEMENT THIS WITHIN X WEEKS.
Various teststacks and stuff:
http://bjoernke.com

Chat with other RunRev developers:
chat.freenode.net:6666 #livecode

n00b3
Posts: 9
Joined: Sun Oct 16, 2011 11:45 pm

Re: Sqlite encyption

Post by n00b3 » Thu Oct 27, 2011 1:41 am

BvG,

Yes, in 1st email I explained that I was interested in using an existing library and that I don't have the skills/time to develop an SQLite with encryption for all 5 platforms. I also requested that they look into making an add-on for LiveCode and that I was willing to pay for such an add-on. I also suggested that it would be likely other would be interested in purchasing such a library.

After several email exchanges they gave me a link to "externals" (I guess suggesting I should code it myself, ignoring the information from the first email :( ).

I will try again one more time.

Cheers

Bernard
Posts: 184
Joined: Sat Apr 08, 2006 10:14 pm
Location: London, England

Re: Sqlite encyption

Post by Bernard » Mon Dec 12, 2011 4:00 pm

While it would no doubt be cool for Runrev to license the Sqlite SEE additions (and would close one feature disparity with Real Basic [there are many other reasons I stil prefer Livecode to Real Basic]), there is another solution.

Valentina works with Livecode, and Valentina offers encryption (either data only, or even the data and the structure of the database).

http://www.valentina-db.com/dokuwiki/do ... encryption

What you are seeking (a cross-platform, royalty-free, embeddable, encryptable database) is a rare bird. In fact, the only real options are Sqlite+SEE or Valentina. Given the lack of the availability of the former, at least we do have the latter option available to us.

The benefit of Runrev integrating the SEE extension is that encrypted databases would (should) then be available to Livecode apps on iOS and Android. Until encrypted databases are available on such platforms, I can't recommend any significant apps for those platforms to my clients. Even when it comes to desktop apps, it seems to me to be unprofessiona that data is stored unencrypted (there are annual scandals in the UK where laptops/usb keys are found in pubs/trains etc. with unencrypted databases containing military data or the health records of thousands of people).

For the cost of a few hundred $, we can provide encrypted databases with our apps. At the moment, our only option is to use Valentina. And Paradigma are to be commended for having this feature included in their database engine, when so many other providers to not. (I'm a big fan of Firebird, but for years their developers have wrongly argued that it is pointless to provide an encryption feature).

Post Reply

Return to “Databases”