How to encrypt SQLite DB in an electron app? - sqlite

I have an Electron app which persists data in an SQLite DB stored on my machine. I have all the setup for the CRUD operations and the application works fine. Now I need to encrypt the SQLite DB file. I searched online for a solution, but all the solutions are for a pre-encrypted DB which is being decrypted inside Electron.
The requirement is that the user will provide the password, which the app will use to encrypt the DB file, and going forward the user will provide the password to decrypt it and perform the CRUD operations.
Any idea how to achieve this?
P.S.: I have checked with SQLCipher docs and I don't find what I needed. So far, I am using sqlite3 node module to perform CRUD
Edit 1: I tried to use sqlite-cipher module and I was able to encrypt the db in a separate js file. but when I integrate the same with the electron ipcMain, the app closes due to high RAM consumption.
Any suggestions???

If you're using SQLite, the best option is to use SQLCipher. The problem is that you will have to compile new binaries for it to work, and there are some limitations with the versions of SQLite and SQLCipher for Node.
You can use this package: https://github.com/journeyapps/node-sqlcipher
or compile it manually; here is an example: https://gist.github.com/aguynamedben/14253e34bc7e0a881d99c8e45eb45a47
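The user-supplied-password flow from the question, sketched as an added example (not code from the original answers or from the SQLCipher project). It assumes a sqlite3-compatible SQLCipher build such as the package linked above is passed in as `sqlite3`; the function names, the choice of scrypt and the separately stored salt are assumptions of this sketch.

```javascript
const crypto = require('crypto');

// Derive a 32-byte key from the user's password. The salt is not secret and
// can be stored beside the database file; the password and key are never stored.
function deriveKeyHex(password, salt) {
  if (typeof password !== 'string' || password.length === 0) {
    throw new Error('password required');
  }
  return crypto.scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 }).toString('hex');
}

// SQLCipher raw-key syntax takes 64 hex characters, so nothing the user typed
// is spliced into the SQL text (PRAGMA values cannot be bound as parameters).
function keyPragma(keyHex) {
  if (!/^[0-9a-f]{64}$/.test(keyHex)) throw new Error('expected 64 hex characters');
  return `PRAGMA key = "x'${keyHex}'"`;
}

// Open (or create) the encrypted database from the Electron main process.
// Reading sqlite_master forces SQLCipher to decrypt the first page, so a wrong
// password is rejected here instead of on the first CRUD call.
function openEncrypted(sqlite3, file, password, salt) {
  return new Promise((resolve, reject) => {
    const pragma = keyPragma(deriveKeyHex(password, salt)); // a throw here rejects
    const db = new sqlite3.Database(file, (err) => {
      if (err) return reject(err);
      db.serialize(() => {
        db.run(pragma);
        db.get('SELECT count(*) AS n FROM sqlite_master', (e) => {
          if (!e) return resolve(db);
          db.close(() => reject(new Error('wrong password or not an encrypted database')));
        });
      });
    });
  });
}
```

Because the key exists only while the user's password is in memory, nothing recoverable from the app's sources or from the DB file alone will open the database.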

Encryption in an Electron app is a tricky thing.
This is because it can give you a false sense of security.
You might encrypt your local DB, but with Electron it's so easy to decrypt it back that perhaps it's not worth it at all?
It's very easy to get the sources of your Electron app. Minification helps only a little bit, but this is not real protection.
There are many approaches you can take, but they vary depending on circumstances.
The questions which need to be answered are:
Who are you trying to protect against?
Is security critical, or is this only a basic measure so that not everyone can get data from the DB at first glance?
Does the user using the app have admin user rights on the machine?
Are you accessing the DB directly through the Electron app, or is some kind of system-wide service (daemon) communicating with the DB and passing results to the Electron app?
If the previous answer is "yes", how does the service communicate with the Electron app, and how is this secured?
Take a look at source code access discussion:
https://github.com/electron/electron/issues/3041
and also check this article (especially the security part):
https://hackernoon.com/electron-the-bad-parts-2b710c491547

Related

Phonegap Local SQLite to remote MySQL

I'm making an in-house application for a company and they want me to use Phonegap for the mobile application. After searching, I decided to go on and use the SQLite plugin for the local storage, but they have this requirement that when the device goes online all the data in the local storage will be synced automatically to the remote MySQL DB. I read about deferred functions in jQuery but I'm not quite familiar with how to use them.
Are there any alternatives to achieve this requirement?
I'm currently investigating to achieve a similar goal.
I need to develop an IONIC/Phonegap app that can potentially do CRUD operations with the following DB engines: MySQL / Postgres / Microsoft SQL Server / Oracle (not simultaneously).
TypeORM seems to be the solution, but I still couldn't connect from an Android device to a remote MySQL DB.
If you work with TypeORM over NodeJS directly, it is very easy to have an example up and running and do some CRUD operations with the supported DB engines (just follow the examples and documentation in the previous link).
I'm asking at https://github.com/typeorm/typeorm/issues/548 if anybody has achieved an Android-MySQL connection using TypeORM.

Security for database SQLite of apps

I'm a beginner in Eclipse and Android apps. What can I do for the security of my database, to prevent someone from hacking or stealing the database of my app? And where is the database of apps on mobiles with Android OS?
You can't. It is pretty trivial to get it, no matter what you do. If you want to keep your data safer, you can drop the local database, and make a web service where you get your data from. Then you will have to make some restrictions, so people will not rip your data fast. This is known as anti-farming and you can see more at https://www.owasp.org/index.php/REST_Security_Cheat_Sheet#Anti-farming
But this will only slow people down, and as the article says, large resource adversaries will still be able to get whatever they want.
What to do: don't focus on it, build an awesome app, so no other will reach your user level/profit.
Take a look at https://www.zetetic.net/sqlcipher/sqlcipher-for-android/. It is possible to create an encrypted database with that library. You should only think about where to place its key. One possible solution is that the user has to enter the password via a login dialog, for example.
The database and app specific data is located at /android /data/package of your app folder.

Cloud Base Sqlite Database in Livecode

I am working on a Livecode application. In this I need to use a cloud-based SQLite database. But I do not have much knowledge about cloud-based SQLite and how to implement it with a Livecode application. Could anyone explain to me what it is and how I can use cloud-based SQLite in Livecode?
Thanks
An SQLite database is just a file which resides in the file system of the device. So each device will have its own database with its own data. If you want to store data in the cloud you have to do something on the server side.
If you want to have a solution on the server you might want to go for a PHP script. PHP has sqlite access built in. However you can use other scripting languages as well.
Or on another line something like https://cloudant.com/ . But there the data is not stored in relational tables but as JSON objects. Access is as well through the http protocol (restful).
Related question
See also here How to retrieve data from a server
Suggestion
Please do not forget to use the search box of this web site. E.g. by searching for
sqlite cloud
you get
https://stackoverflow.com/search?q=sqlite+cloud
which has as the first answer
A: Can I use the SQLite as a db storage for cloud-based websites?
So your question needs to be more specific.

Windows 8 App - Sqlite synchronization with Skydrive

Currently I am writing a Windows 8 App with SQLite as a database. I want to give the user the ability to view his data in every instance of the app on any device. Usually this problem could be easily solved by using an online database like Windows Azure. But this is not an option in my case.
Is it a good idea to use Microsoft's free service "Skydrive" as a platform to synchronize database files among several devices? Does somebody know any open source projects or blogs that are dealing with this problem that could save me some time for writing the necessary code?
If it's a bad idea, which other options are there that I could use. I want to keep Sqlite as the database for my App.
I am glad to get any kind of feedback or links to resources that might help me.
Best regards
Philipp
IMO it isn't a good idea, because access to the DB files is too easy. Of course you can say that access to database files is easy anyway, because you just need to know the app data path to the package of your app, but it's still much more difficult than just opening Skydrive. And think what would happen if someone made this directory on Skydrive public.
I would combine local db and online db. Online db as a service for synchronizing data and local db for normal work.

Using Flexbuilder to create an AIR app connected to Salesforce.com, how can I encrypt the local datastore?

I have created an Adobe AIR application that interfaces with Salesforce.com. The only drawback I have is that the data that is synced to the desktop is not encrypted. I can encrypt a database that I create locally, however, I am trying to encrypt the database that is created and maintained by the flexforforce toolkit. Thanks for any suggestions.
J_A_X is correct: without access to the underlying code communicating with the database, it would be damn near impossible. However, it appears the situation has changed.
AFAICT SalesBuilder is using a locally encrypted AIR database: http://coenraets.org/blog/2008/11/salesbuilder-15-with-new-air-15-database-encryption/. It appears the source code is available for this application, and thus there is a possibility that you might be able to pull the libraries it is using? Or perhaps the libraries you are using are in fact already encrypting the database?
