 

Sqlite database security


I'm developing an application which will store sensitive user data. My issue is that a user can view the stored data with other applications. So I need to provide better security for the data in general.

Is there any way to provide better security for SQLite database and tables?

Chandana asked Jun 29 '10 11:06


People also ask

Is SQLite database secure?

SQLite, one of the most popular lightweight database systems, is widely used in various systems. However, its compact design did not give enough consideration to user data security. Specifically, anyone who obtains access to the database file can read or tamper with the data.

Is SQLite a security risk?

Despite being a medium impact vulnerability, SQLite vulnerability is a serious security flaw.

How do I protect SQLite database?

SQLite doesn't support encrypting database files by default. Instead, you need to use a modified version of SQLite like SEE, SQLCipher, SQLiteCrypt, or wxSQLite3.

Can SQLite be hacked?

All historical vulnerabilities reported against SQLite require at least one of these preconditions: The attacker can submit and run arbitrary SQL statements. The attacker can submit a maliciously crafted database file to the application that the application will then open and query.


2 Answers

Encrypt your data before you enter it in the database. As far as I know, the SQLite database is kept in a single file somewhere in the /data/ directory. What is more, your data is kept in plain text format. This means that it will always be possible for someone to extract that data by rooting the phone, obtaining the .db SQLite file and opening it with a text editor.

So, encrypt your data :)

-- Okay, maybe not a text editor, but a simple hex editor. Anyways...

Shade answered Nov 07 '22 02:11

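The approach in the answer above (encrypt each value before it is written to the database), as an added example that is not part of the original answer. The class name `FieldCrypto`, the context strings and the sample value are constructed for illustration, and the throwaway in-memory key is an assumption for the demo.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added example (hypothetical helper): encrypts one column value before it is stored in SQLite.
public class FieldCrypto {
    private static final int IV_LEN = 12;    // 96-bit GCM nonce
    private static final int TAG_BITS = 128; // authentication tag length

    // Returns IV || ciphertext || tag, suitable for a BLOB column.
    // 'context' (e.g. "cards.number:1") is bound as AAD, so a blob copied
    // into another row or column fails authentication on decrypt.
    static byte[] encrypt(SecretKey key, String plaintext, String context) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key); // provider generates a fresh random IV per value
        c.updateAAD(context.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] iv = c.getIV();
        return ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
    }

    // Throws AEADBadTagException if the blob, key or context does not match.
    static String decrypt(SecretKey key, byte[] blob, String context) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        c.updateAAD(context.getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(blob, IV_LEN, blob.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Assumption: throwaway in-memory key for the demo. In an app, the key must not
        // be hard-coded or stored beside the .db file (on Android, use the Android Keystore).
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] stored = encrypt(key, "4111-1111-1111-1111", "cards.number:1"); // constructed value
        System.out.println("bytes written to the column: " + stored.length);
        System.out.println("round trip: " + decrypt(key, stored, "cards.number:1"));
        try {
            decrypt(key, stored, "cards.number:2"); // same blob moved to another row
        } catch (AEADBadTagException e) {
            System.out.println("moved blob rejected");
        }
    }
}
```

Only the encrypted columns are protected this way; table names, row counts and any unencrypted columns remain readable in the file, which is the gap whole-file encryption such as SQLCipher closes.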


Check out SQLCipher for Android. It's free (Apache 2 and BSD licences).

PS.: Some ORMs also support SQLCipher now, e.g. our greenDAO.

Markus Junginger answered Nov 07 '22 01:11