I am using sqlite3 in a linux machine and I am getting the database without username and password. Can I set a username and password for the same?
No, sqlite3 databases are very lightweight systems. They need no server and all data is stored in one file. A username/password is not supported by the sqlite/sqlite3 package.
In order to achieve simplicity, SQLite has had to sacrifice other characteristics that some people find useful, such as high concurrency, fine-grained access control, a rich set of built-in functions, stored procedures, esoteric SQL language features, XML and/or Java extensions, tera- or peta-byte scalability, and so forth.
(sqlite, when to use)
However, since it's only a file you can encrypt the file with a password to protect your data.
SQLite doesn't have a concept of username/password. It's just a single file based database.
However, on Unix you can protect your database from other users on the same machine by setting the permissions of the database file itself.
e.g. Allow only owner access
chmod 700 /path/to/sqlitedb
If it's used in a simple web application then the web application will provide the control.
The prior answers are only partially true. You can have databases that require authentication but you'll have to compile SQLite separately from PHP.
See the SQLite User Authentication documentation for further information.
SQLite is mainly an embedded database engine, not intended to be used as a multi-user database server that would require usernames and passwords.
You can always encrypt the database file with some user-provided password/-phrase, I guess. But expecting an embedded DBMS to sport full-blown access control is too much.
Related
Right now the only way to encrypt a Cassandra database at rest seems to be with their enterprise edition which costs thousands of dollars: How to use Cassandra with TDE (Transparent Data Encryption)
Another solution is to encrypt every value before it enters the database, but then the key will be stored somewhere on every server in plaintext and would be easy to find.
I understand they offer "free" use for certain companies, but this is not an option and I am not authorized to pay $2000/server. How do traditional companies encrypt their distributed databases?
Thanks for the advice
I took the approach of encrypting the data disk on AWS. I added a new volume to the instance and checked the option to encrypt the volume. Then I edited cassandra.yaml to point to the encrypted volume.
We have done similar requirement in one of our project. Basically, I made use of trigger feature in Cassandra with custom implementation to perform encryption. It seems to be working fine for us.
You can refer below docs on how to create trigger and sample implemention of ITrigger interface
https://docs.datastax.com/en/cql/3.3/cql/cql_reference/cqlCreateTrigger.html
https://github.com/apache/cassandra/blob/2e5847d29bbdd45fd4fc73f071779d91326ceeba/examples/triggers/src/org/apache/cassandra/triggers/AuditTrigger.java
Encrypting before inserting is a good way. The keys will either be on each application or on each cassandra node. There isnt much difference really, either way you should use filesystem permissions to restrict access to key just the apps user. Theres steps to get more secure from there like requiring entering of passphrase on startup vs storing on disk, but it makes operational tasks horrific.
I've read in multiples websites that Azure doesn't support encryption.
However I'm migrating (more like a backup) an Azure DB to SQL Server using the "Azure SQL Migration Tool" and I'm getting a warning about scripting the views: "Encrypted objects will not be scripted".
Also found this note in their site: Problem fixed in v3.5.5. Basically, Stored Procedures, Views, UDF, Triggers ... any object that can be encrypted is check before hand. The objects that are encrypted are highlighted in yellow with red letters. On the summary page, a list of encrypted objects that will not be scripted will be displayed.
http://sqlazuremw.codeplex.com/workitem/5762
If Azure SQL supports encryption, how can I get the creation script for this view?
Windows Azure SQL Database (database-as-a-service) does not support encryption. However: If you run SQL Server in a Virtual Machine, you should have all features at your disposal, including encryption.
I can't explain what's happening with the migration from SQL Database to SQL Server, regarding creation scripts involving encrypted objects on the target side.
SQL Database still doesn't support encryption, so either you are reading from a SQL Server database, or there is a bug in the Wizard. There are no encrypted database objects in SQL Database as far as I know. If you are sure you are reading from SQL Database, just try creating an encrypted view in it and see what happens. From the MSDN documentation, creating an encrypted view is not supported: http://msdn.microsoft.com/en-us/library/windowsazure/ee336244.aspx.
I am curious to know if you are getting the same error with Enzo Cloud Backup: http://www.bluesyntax.net/backup20.aspx. Just use the free edition.
We are going to store some sensitive information about our customers in the db model res_partners.
However we don't want to store this information in a simple text field. We would prefer
some basic encrypting if possible for those fields. We do not want someone who
has access to the db to have access to these fields.
Is there a way we can get this done in openerp or postgres ?
Thank you,
Vishal Khialani
There is no such thing as "basic" encryption. Rot13 is not getting to get you anywhere here. If your data is sensitive enough to deserve protection, then you need to use state of the art cyphers such as Blowfish. I advise you give a good long look at Bruce Schneier's book Applied Cryptography
The easy (and insecure) way to achieve this is to overload the write and read methods of your model to encrypt before writing and decrypt after reading.
The tricky part is storing the encryption key. You could store it in a file on the computer running the OpenERP server (assuming the database is running on another server). This is still pretty weak, as the key will be available in clear on the server, but could still be useful if you don't trust your database server admin, but do trust you openerp server admin. It's still way easier to get the database server in a secure and trusted place, and if required to crypt offline copies of the database (such as backups).
If you want more security, you'll have to send the data encrypted to the client application, and let the decryption happen there, using a user-supplied key. I'm not enough knowledgeable of this part of openerp to say if it is easily feasible or not.
Is it possible to access a SQLite database running on a WP8 app from a Windows 8/Store/"Metro" app?
If yes, how - is there any trick to it? Is it easy, tricky, or impossible?
If impossible, is it possible with any other DB? AFAIK, SQLite is the only DB that can be used with the new Windows Store style sandboxed apps.
Have a look at this article. It explains that:
sqlite is only used for storing data locally (i.e. cache something from a remote data source)
you cannot connect to remote databases because that involves distributing your database connection string (i.e. username and password) to potentially millions of users
the correct way to provide data to your app is through some sort of service. Think about the different APIs major website have now.
So to answer your question: no, this is a bad idea.
What are your thoughts about SQL Server's symmetric key functions? Specifically, I have two questions:
Which set of functions is better... EncryptByKey or EncryptByPassPhrase?
Both functions require a passphrase of some kind. In a typical web-application architecture, where should this passphrase be stored? (i.e., hard coded within a stored procedure in the database, or stored as a configuration setting in the web application)
I'm eager to see what the best practice is for these functions.
Encrypting using a passphrase is easier but the advantage of using a key is that the key can be secured using built in SQL sever roles. You can lock down use of the key to only those users that require access to that data.
If you use a certificate then you only need plain text during the initial setup and can store it outside your system. Again, the certificate is a securable object and can be locked down.
Hope this helps.