Page 1 of 6
					
				Sqlite encyption
				Posted: Tue Oct 18, 2011 2:27 am
				by n00b3
				I am looking to create some database apps with livecode (Windows, Mac, Linux, iOS, Android).
I really like Sqlite that is included with livecode but I would like to have encryption of the databases (very important on all mobile devices). 
I found SQLCipher which is open source (BSD license so it can be used with commercial applications). 
It would require compiling in C with all 5 platforms (well beyond my capabilities).
Now the questions.
Has anyone seen this used with livecode?
Does any vendor sell this as a 3rd party lib for livecode?
If not how would I go about suggesting this to livecode (who would be the livecode contact)?
Maybe they could even sell it (as an add on),
Thanks for any help or suggestion.
			 
			
					
				Re: Sqlite encyption
				Posted: Tue Oct 18, 2011 10:35 am
				by BvG
				If you want to pay for something like that, simply mail 
support@runrev.com with your offer,  your favourite method, wether you'd accept any encryption approach (there's several, and they might prefer another one then you), amount you'd like to pay, etc. maybe also that you feel fine with them using any product in future releases of LC.
 
			
					
				Re: Sqlite encyption
				Posted: Mon Oct 24, 2011 12:03 am
				by n00b3
				I took your advise and emailed request. The idea of a cross platform encrypted  database is very appealing. Very good idea for mobile devices.
If I hear anything I will post here.
Cheers
			 
			
					
				Re: Sqlite encyption
				Posted: Tue Oct 25, 2011 12:10 am
				by n00b3
				No luck so far. Support emailed back about the LiveCode functions encrypt and decrypt but these are for text, not SQLite databases (unless you stored everything as text and encrypted each field before you saved a record to the database). You would still have the database schema visible so it would be fairly easy for some to figure out your encryption. Not to mention a whole lot of work to program each procedure that accessed the database. LiveCode is suppose to be faster and easier  

 .
Cheers
 
			
					
				Re: Sqlite encyption
				Posted: Tue Oct 25, 2011 4:23 am
				by wsamples
				Perhaps it is their thought that you can encrypt the database file when you close it and decrypt it when you start using it. You would do your work normally, with the unencrypted file, and encrypt it as part of closing your application.
			 
			
					
				Re: Sqlite encyption
				Posted: Tue Oct 25, 2011 4:57 pm
				by n00b3
				wsamples,
That might be an idea worth trying. Does anyone know of any sample/example apps that use encrypt/decrypt?
Cheers
			 
			
					
				Re: Sqlite encyption
				Posted: Tue Oct 25, 2011 5:38 pm
				by townsend
				While the file is open-- in it's un-encrypted state-- any SQLite management tool can open and access the file.
Unless-- IF if is possible to decrypt, access, and encrypt the SQLite file, all in memory. (??)
Here's a few encryption samples for you:
Base64.livecode
Blowfish.livecode
Blowfish-and-UTF-8.rev
Encryption-Made-Easy.rev
			 
			
					
				Re: Sqlite encyption
				Posted: Tue Oct 25, 2011 9:56 pm
				by wsamples
				With all due respect, townsend, if I am using a file on my computer it's not too likely anyone other than me is going to have an opportunity to access it with some software. While everyone has different security requirements, I would say that this seems like worrying more than is necessary.
			 
			
					
				Re: Sqlite encyption
				Posted: Tue Oct 25, 2011 11:59 pm
				by townsend
				Good point-- if the SQLite file only exists in one place-- it's fairly safe. 
I thought the SQLite file in question was to be distributed to users. At least that's how my scenario goes. I myself have been trying to figure out some work around until liveCode gets around to supporting SQLite encryption.
While SQLite does support virtual Tables, I doubt without encryption, even these would be safe from prying eyes. At this point, my thinking is: encrypt at the field level when necessary, AND use a checksum to prevent the record from being updated by a 3rd party. Well-- technically a checksum doesn't prevent the record from being updated, but it would be thrown out when read by my app, which is just as good.
As for leaving my file spec open, I see no way around that.
			 
			
					
				Re: Sqlite encyption
				Posted: Wed Oct 26, 2011 2:16 am
				by wsamples
				I think we're talking about distributing the encrypted file which is then opened in a particular app which decrypts it for viewing and then encrypts it on close. I am guessing that we want to share data with a set of authorized users while preventing it from being exposed to others. That encrypted file is unreadable on any device, then, unless it's opened in the dedicated application.
			 
			
					
				Re: Sqlite encyption
				Posted: Wed Oct 26, 2011 3:29 am
				by dglass
				What RunRev needs to do is license the encryption extension.  Real Software did it for Real Studio/Real BASIC so licensing for an IDE, and its users, by the developer of the IDE is not unprecedented.
http://www.hwaci.com/sw/sqlite/see.html 
			
					
				Re: Sqlite encyption
				Posted: Wed Oct 26, 2011 4:43 am
				by n00b3
				SEE is really nice. It would be awesome if LiveCode had it. I would gladly pay $149 for something like this. I am sure LiveCode would have no trouble getting a few dozen developers willing to pay for it (if not immediately then over the year). Encryption is critical for mobile devices (not just phones & tablets but laptops and netbooks too). This is a nice selling point for a mobile app. If you add simple password protection the user can feel reasonably secure even if the device is lost or stolen. In addition to protecting the data for customers that use the software it would also protect your schema from prying eyes as well.
I want something that is read/write encryption and something I can just initiate right at startup of the app and forget about until the app shuts down.
Cheers
			 
			
					
				Re: Sqlite encyption
				Posted: Wed Oct 26, 2011 2:14 pm
				by BvG
				Maybe they assumed all you want is some sort of encryptione, as opposed to a specific feature that allows for sqlite to be used in an encrpyted way, all the time. I suggest to mail them again, and be more specific about your need, your understanding that some approaches exist, and that the approach you want does not exist, AND THAT YOU WANT TO KNOW WHAT IT COSTS TO IMPLEMENT THIS WITHIN X WEEKS.
			 
			
					
				Re: Sqlite encyption
				Posted: Thu Oct 27, 2011 1:41 am
				by n00b3
				BvG,
Yes, in 1st email I explained that I was interested in using an existing library and that I don't have the skills/time to develop an SQLite with encryption for all 5 platforms. I also requested that they look into making an add-on for LiveCode and that I was willing to pay for such an add-on. I also suggested that it would be likely other would be interested in purchasing such a library.
After several email exchanges they gave me a link to "externals" (I guess suggesting I should code it myself, ignoring the information from the first email  

  ).
I will try again one more time.
Cheers
 
			
					
				Re: Sqlite encyption
				Posted: Mon Dec 12, 2011 4:00 pm
				by Bernard
				While it would no doubt be cool for Runrev to license the Sqlite SEE additions (and would close one feature disparity with Real Basic [there are many other reasons I stil prefer Livecode to Real Basic]), there is another solution.
Valentina works with Livecode, and Valentina offers encryption (either data only, or even the data and the structure of the database).  
http://www.valentina-db.com/dokuwiki/do ... encryption
What you are seeking (a cross-platform, royalty-free, embeddable, encryptable database) is a rare bird.  In fact, the only real options are Sqlite+SEE or Valentina.  Given the lack of the availability of the former, at least we do have the latter option available to us.
The benefit of Runrev integrating the SEE extension is that encrypted databases would (should) then be available to Livecode apps on iOS and Android.  Until encrypted databases are available on such platforms, I can't recommend any significant apps for those platforms to my clients.  Even when it comes to desktop apps, it seems to me to be unprofessiona that data is stored unencrypted (there are annual scandals in the UK where laptops/usb keys are found in pubs/trains etc. with unencrypted databases containing military data or the health records of thousands of people).  
For the cost of a few hundred $, we can provide encrypted databases with our apps.  At the moment, our only option is to use Valentina.  And Paradigma are to be commended for having this feature included in their database engine, when so many other providers to not.  (I'm a big fan of Firebird, but for years their developers have wrongly argued that it is pointless to provide an encryption feature).