I have a Swift app that uses the Realm Object Server running remotely on a Linux server. Everything is working, including real-time sync.
Occasionally I want to inspect the contents of a local Realm file used by the iOS Simulator so I can do some debugging. When I browse here:
~/.../CoreSimulator/.../Documents/realm-object-server/<unique id>/
...and I try to open this file: realm%3A%2F%2F104%2E236%2E129%2E235%3A9080%2F%7E%2Fmyapp.realm
I get prompted with: Please enter a valid encryption key for this Realm file.
Where do I get this encryption key? I tried using the admin token from the server, but that doesn't appear to be working.
Also, can I turn off encryption everywhere? Or is it mandatory for any app using the Realm Object Server?
It is not possible to open the local version of a synced Realm file using the Browser (or anything else, for that matter). This is due to differing history types internally (but I won't go into that now). In order to inspect the contents of the Realm file, you have to open it using the previously defined syncURL. The browser will then download the file and show you the contents.
A few links on this topic:
https://github.com/realm/RealmTasks/issues/327
https://github.com/realm/realm-core/issues/2276
You may use old version of Realm Browser, please update it and check the result again.
Use Realm Studio instead which worked for me.
Here can download the file
byte[] key = new byte[64];
new SecureRandom().nextBytes(key);
String encryptionKey = byteArrayToHexString(key);
//encryptionKey is what you want byteArrayToHexString see
Log.d("test", "encryptionKey:"+encryptionKey);
byteArrayToHexString() method you can see:How to convert a byte array to a hex string in Java?
Related
Finally I’m uploading my app to the App Store connect. I’m using the latest version of realmswift and I only created a default realm database and never explicitly tell the realm to use encryption. In this case does my app contain encryption?
Also, sometimes I can see the outputs which looked like realm established an internet connection(I don’t know whether it’s HTTPS or not) and I don’t know why. Maybe to check the realm’s updates?
In this case, does realm really establish a HTTPS connection? What should I choose? Contain or not?
A Realm database is not encrypted unless you tell it to be an encrypted. e.g. you would need to include the following code for the Realm to be encrypted
// Generate a random encryption key
var key = Data(count: 64)
_ = key.withUnsafeMutableBytes { (pointer: UnsafeMutableRawBufferPointer) in
SecRandomCopyBytes(kSecRandomDefault, 64, pointer.baseAddress!) }
var config = Realm.Configuration(encryptionKey: key)
do {
let realm = try Realm(configuration: config)
} catch let error as NSError {
fatalError("Error opening realm: \(error.localizedDescription)")
}
That being said, by default with iOS 8 and above app files are encrypted using NSFileProtection whenever the device is locked.
When it comes to a sync'd Realm, that's a little different as the on-disk files can be encrypted per above, but the sync'd data stored in MongoDB is not encrypted.
A sync'd realm will establish a connection to the sync server (MongoDB) so that will results in internet traffic. Likewise if you're using REST calls to pull data from MongoDB, those will also result in network activity.
I am writing a Windows VCL desktop using c++ builder. The app uses Firedac and a SQLite database.
I want to protect this SQLite database:
Only my vcl app can connect to it and use it
Other programs and people cannot use the SQLite file
So far I found that the easiest thing that I can do is Encryption, you make it so that anybody without a correct password gets a message like "This file is not a database" if he tries to open it.
Yes we can do this with Embarcadero VCL, doc. using a TFDSQLiteSecurity component and these lines :
FDSQLiteSecurity1->Password = "";/* we are protecting (encrypting) our uncyphered database*/
FDSQLiteSecurity1->ToPassword = 'newpassword';
FDSQLiteSecurity1->ChangePassword();
Unfortunately the VCL Firedac app cannot connect to an encrypted sqlite database so it must decrypt it first.
In order to make things work my program starts and decrypts the database ( removes password) then it connects to the database and use it. When finished I recrypt the database again (when closing app).
THE PROBLEM:
During this time (My program is up and running and the database in uncrypted) can I stop other programs from opening the SQLITE database? Is there a better approach, I am opened for any suggestion
Once it is encrypted by FireDac just set the appropriate properties on the FDConnection. Those would be password to the password and encrypt to the encryption method.
Firedac can open a SQLite database it has encrypted itself so the problem resolves itself by doing that as a better approach. Other programs only see the encrypted version on disk and can't open it without the password.
Is there any difference in patch api in embedded and standard version of the server?
Is there a need to configure document store in some way to enable patch api?
I'm writing a test which use embedded raven. The code works correctly on the standard version but in test it doesn't. I'm constantly receiving patch result: DocumentDoesNotExists. I`ve checked with debugger and the document exists in the store - so it is not a problem with test.
Here you can find a repro of my issue: https://gist.github.com/pblachut/c2e0e227fa3beb51f4f9403505c292bb
I`ve reached the contact in the ravendb support and I have answer for my question.
There should be no difference between embedded and normal version of the server. The problem was that I did not passed explicitly for which database I want to invoke batch command. In the result I tried to patch document in system database.
var result = await documentStore.AsyncDatabaseCommands.ForDatabase("testDb).BatchAsync(new[] {command});
I assumed that database name will be taken from the session (beacuse I get documentStore from there). But the name of database should be always passed.
var documentStore = session.Advanced.DocumentStore;
I'm using Realm 0.98.6 with Xcode 7.3 in an OSX app to create an encrypted realm database and then making a clean copy to place in my bundle. The original database opens with the Realm Browser (after pasting in the key), but the copy does not.
Here is the code I use to create both the databases. There are no writes in the routines called, just a mix of realm.adds and realm.appends to create a collection of related objects:
let config = Realm.Configuration(path: realmTempFile, encryptionKey: key)
let realm = try! Realm(configuration: config)
try! realm.write {
loadAuthors(authorFile, realm: realm)
loadVolumes(volumesFile, realm: realm)
}
try! realm.writeCopyToPath(realmFile, encryptionKey: key)
If I remove the encryptionKey parameters from the config and writecopy, then both databases open ok with the Realm Browser.
In case it matters, I'm deleting the db files with the Finder (and associated lock files) before each attempt. (I've also tried changing the names to mitigate any temporary files hanging around.). The only obvious difference between the two files is 7.5 vs 6.9 MB filesize for the 'original' and 'copy' respectively (i.e., as expected the copy is slightly smaller).
I'd love some suggestions! It's a pretty vanilla program of <400 lines that loads a db for later use in an iOS & Android app. I can always ship the bigger file, but it's making me wary of what else I might not know... thanks in advance!
The database can be open()ed using the same encryption key and it works fine. Tried with multiple encrypted databases - all can be opened, but not attached.
This works when encrypted and when not encrypted (bytearray is null):
connection.open(file, "create", false, 1024, bytearray);
This only works when not encrypted:
connection.attach("db" + newnum.toString(), file, new Responder(attachEncryptedSuccess, openEncryptedError), bytearray);
Any help is appreciated.
UPDATE:
Just found a strange pattern here:
It seems that if I create an encrypted database, and then create new databases and attach them, everything works fine.
The created files, after unloading, will only be properly opened using the command that they were initially created with. Therefore, the encrypted database that I created before using open() will only open with open() method. All the encrypted databases that were initially created using attach() will only be able to be opened using attach(). It also doesn't matter which database was open()ed first, aka which one is the main database. It can even be not encrypted.
This is something very strange. Is this a bug? Or am I doing something wrong here?
One gotcha that I ran into awhile ago, and it sounds like it might be impacting you. If you are creating both db's from AIR then this should work fine, however if you have created one with any external tool - generally most tools will default the PRAGMA ENCODING = UTF8. AIR, being Adobe, does things a little different than just straight up telling you that they create theirs UTF16-LE.
According to sqlite rules, differing encoding types cannot be attached one way or the other. One way to verify is to use sqliteman or some other sqlite editor to verify the pragma settings.
For me, I ended up having to start from a seeded db (empty databases -just the header- were over written by AIR) that was to be initialized from a template database. If I allowed AIR to create my starting db, it was set to UTF16 to which I could not attach a UTF8 template.