Home > Archive > PERL Beginners > December 2007 > Crypt SQLite
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Octavian Rasnita 2007-12-06, 7:02 pm |
| Hi,
I've seen a program made in C# that uses an SQLite database which is
crypted.
Can we do the same thing with perl?
Some years ago I've seen only some comercial solution for doing this, but
now I've seen that free solution in C#. It would be wonderful to be able to
do the same thing in perl.
Thank you.
Octavian
| |
| David Filmer 2007-12-08, 7:59 am |
| On Dec 6, 10:47 am, orasn...@gmail.com (Octavian Rasnita) wrote:
> I've seen a program made in C# that uses an SQLite database which is
> crypted.
I doubt that. SQLite does not (AFAIK) have an encrypted database
engine. The only way that such a program could do this is if the C#
program somehow augmented the SQLite source code.
> Can we do the same thing with perl?
You can do the same thing that the C# program (probably) did - namely
encrypt the values before inserting them into the database. Perl can
do all sorts of encryption - search the Crypt:: namespace at http://cpan.org.
You probably want some sort of bi-directional encryption instead of a
hash encryption (which is usually used for password checking and
such). Symmetrical pass-key encryption is easy but not especially
strong (though probably adequate for most situations, as cracking a
good pass-key is still a ponderous task). Some sort of certificate-
based (PPK) encryption is pretty good.
Of course, since a SQLite database is just a simple file, you can
store it on an encrypted filesystem, which offers a good measure of
protection in some circumstances (lost hard drive, stolen powered-off
laptop, etc).
--
The best way to get a good answer is to ask a good question.
David Filmer (http://DavidFilmer.com)
| |
| Chas. Owens 2007-12-08, 7:00 pm |
| On Dec 6, 2007 1:47 PM, Octavian Rasnita <orasnita@gmail.com> wrote:
> Hi,
>
> I've seen a program made in C# that uses an SQLite database which is
> crypted.
> Can we do the same thing with perl?
>
> Some years ago I've seen only some comercial solution for doing this, but
> now I've seen that free solution in C#. It would be wonderful to be able to
> do the same thing in perl.
snip
This is probably what you are looking for:
http://www.hwaci.com/sw/sqlite/prosupport.html
It looks like it would cost you $2,000 USD and you would need to
modify the DBD::SQLite module to use the SEE enabled library instead
of the one that comes with it by default.
| |
| Octavian Rasnita 2007-12-09, 8:00 am |
| From: "Chas. Owens" <chas.owens@gmail.com>
> On Dec 6, 2007 1:47 PM, Octavian Rasnita <orasnita@gmail.com> wrote:
> snip
>
> This is probably what you are looking for:
> http://www.hwaci.com/sw/sqlite/prosupport.html
>
> It looks like it would cost you $2,000 USD and you would need to
> modify the DBD::SQLite module to use the SEE enabled library instead
> of the one that comes with it by default.
Well, it seems that using C# instead of perl, like in the example found in
the archive below, it is free:
http://www.tranzactiibursiere.ro/st...yptedSQLite.zip
Octavian
| |
| Octavian Rasnita 2007-12-09, 8:00 am |
| From: "David Filmer" <usenet@davidfilmer.com>
> On Dec 6, 10:47 am, orasn...@gmail.com (Octavian Rasnita) wrote:
>
> I doubt that. SQLite does not (AFAIK) have an encrypted database
> engine. The only way that such a program could do this is if the C#
> program somehow augmented the SQLite source code.
>
>
> You can do the same thing that the C# program (probably) did - namely
> encrypt the values before inserting them into the database. Perl can
> do all sorts of encryption - search the Crypt:: namespace at
> http://cpan.org.
> You probably want some sort of bi-directional encryption instead of a
> hash encryption (which is usually used for password checking and
> such). Symmetrical pass-key encryption is easy but not especially
> strong (though probably adequate for most situations, as cracking a
> good pass-key is still a ponderous task). Some sort of certificate-
> based (PPK) encryption is pretty good.
>
> Of course, since a SQLite database is just a simple file, you can
> store it on an encrypted filesystem, which offers a good measure of
> protection in some circumstances (lost hard drive, stolen powered-off
> laptop, etc).
Well, here it is an archive that contains the following files:
sqlt_fruit.exe - a sample program made in C# that uses a crypted SQLite
database
sqlt_fruit.cs - the source code for that program
CompileSqlt_fruit.bat - a bat file with the command line used for compiling
that program
System.Data.SQLite.DLL - a dll file needed for running the program
http://www.tranzactiibursiere.ro/st...yptedSQLite.zip
So it seems that this is possible, and when working with an SQLite database,
C# has a big advantage when it is compared it with perl.
Octavian
| |
| fsantiago@dicksondata.com 2007-12-19, 10:03 pm |
| On Dec 9, 7:03 am, orasn...@gmail.com (Octavian Rasnita) wrote:
> From: "David Filmer" <use...@davidfilmer.com>
>
>
>
>
>
>
>
>
>
>
> Well, here it is an archive that contains the following files:
> sqlt_fruit.exe - a sample program made in C# that uses a crypted SQLite
> database
> sqlt_fruit.cs - the source code for that program
> CompileSqlt_fruit.bat - a bat file with the command line used for compiling
> that program
> System.Data.SQLite.DLL - a dll file needed for running the program
>
> http://www.tranzactiibursiere.ro/st...yptedSQLite.zip
>
> So it seems that this is possible, and when working with an SQLite database,
> C# has a big advantage when it is compared it with perl.
>
> Octavian- Hide quoted text -
>
> - Show quoted text -
I've tried this and it works fine with my C# application running on
XP, however, I cannot run it on Windows Vista? complaining about a
problem signature on System.Data.SQLite.DLL.
Any ideas?
Thanks!
| |
| Octavian Rasnita 2007-12-19, 10:03 pm |
| From: <fsantiago@dicksondata.com>
> On Dec 9, 7:03 am, orasn...@gmail.com (Octavian Rasnita) wrote:
>
> I've tried this and it works fine with my C# application running on
> XP, however, I cannot run it on Windows Vista? complaining about a
> problem signature on System.Data.SQLite.DLL.
>
> Any ideas?
>
> Thanks!
Sorry. No idea. I didn't wrote that C# program because I don't know C# well
enough. That's why I was interested in a perl solution, but unfortunately it
is not possible in perl.
I don't even have Windows Vista to test the program under that OS.
Octavian
| |
| Chas. Owens 2007-12-20, 4:02 am |
| On Dec 19, 2007 5:59 PM, Octavian Rasnita <orasnita@gmail.com> wrote:
snip
> Sorry. No idea. I didn't wrote that C# program because I don't know C# well
> enough. That's why I was interested in a perl solution, but unfortunately it
> is not possible in perl.
snip
It is possible. The person who wrote the C# library probably either
bought the $2,000 license for SEE* or rolled his or her own version of
it. You can buy the license or roll your own version of SEE for Perl
as well. It is quite possible, but, since you can't redistribute the
source code to SEE, there won't be CPAN module for it. Frankly, not
being able to see the source code to System.Data.SQLite.DLL and its
unknown provenence (how can you trust someone you don't know) would
cause me to worry about its level security (did he or she put in a
back door?, did he or she make an error compiling it?, etc.).
* SQLite Encryption Extension
| |
| Octavian Rasnita 2007-12-20, 4:02 am |
| From: "Chas. Owens" <chas.owens@gmail.com>
> On Dec 19, 2007 5:59 PM, Octavian Rasnita <orasnita@gmail.com> wrote:
> snip
> snip
>
> It is possible. The person who wrote the C# library probably either
> bought the $2,000 license for SEE* or rolled his or her own version of
> it. You can buy the license or roll your own version of SEE for Perl
> as well. It is quite possible, but, since you can't redistribute the
> source code to SEE, there won't be CPAN module for it. Frankly, not
> being able to see the source code to System.Data.SQLite.DLL and its
> unknown provenence (how can you trust someone you don't know) would
> cause me to worry about its level security (did he or she put in a
> back door?, did he or she make an error compiling it?, etc.).
>
> * SQLite Encryption Extension
Yes you are right. That dll might have a backdoor or some bugs in it, as
well as any other Windows program that doesn't offer the source code.
However, a C# programmer would be able to use an encrypted SQLite database
very easy with it, while a perl programmer would need to create its own way
of encrypting the database, and this might not be very easy.
Octavian
| |
| Chas. Owens 2007-12-20, 8:00 am |
| On Dec 20, 2007 4:58 AM, Octavian Rasnita <orasnita@gmail.com> wrote:
> From: "Chas. Owens" <chas.owens@gmail.com>
>
>
>
> Yes you are right. That dll might have a backdoor or some bugs in it, as
> well as any other Windows program that doesn't offer the source code.
> However, a C# programmer would be able to use an encrypted SQLite database
> very easy with it, while a perl programmer would need to create its own way
> of encrypting the database, and this might not be very easy.
Actually it is very easy: buy SEE, download DBD::SQLite, swap the SEE
code with the version of SQLite DBD::SQLite uses, do the Perl make
dance*.
* which looks like this
perl Makefile.PL
make
make test
sudo make install
| |
| Octavian Rasnita 2007-12-20, 8:00 am |
| From: "Chas. Owens" <chas.owens@gmail.com>
> On Dec 20, 2007 4:58 AM, Octavian Rasnita <orasnita@gmail.com> wrote:
>
> Actually it is very easy: buy SEE, download DBD::SQLite, swap the SEE
> code with the version of SQLite DBD::SQLite uses, do the Perl make
> dance*.
It would be still easier to use that dll than to buy a $2000 program... I
guess. :-)
Octavian
| |
| fsantiago@dicksondata.com 2007-12-21, 4:01 am |
| On Dec 20, 4:49 am, orasn...@gmail.com (Octavian Rasnita) wrote:
> From: "Chas. Owens" <chas.ow...@gmail.com>
>
>
>
>
>
>
>
>
>
>
>
> It would be still easier to use that dll than to buy a $2000 program... I
> guess. :-)
>
> Octavian- Hide quoted text -
>
> - Show quoted text -
Thanks you guys for your feedback.
I found out this morning that my previous SQLite database is still
being kept by Windows Vista in its Virtual Store and that's the one
that my application was trying to open which of course will have
conflict with the encrypted version of System.Data.SQLite.DLL. It was
not Vista after all or the new DLL that caused the issue, my bad! I
deleted the old database file so that my application can create a new
encrypted one and it works fine!
Merry Christmas to everyone!
| |
| Octavian Rasnita 2007-12-22, 8:00 am |
| From: "Chas. Owens" <chas.owens@gmail.com>
> On Dec 19, 2007 5:59 PM, Octavian Rasnita <orasnita@gmail.com> wrote:
> snip
> snip
>
> It is possible. The person who wrote the C# library probably either
> bought the $2,000 license for SEE* or rolled his or her own version of
> it. You can buy the license or roll your own version of SEE for Perl
> as well. It is quite possible, but, since you can't redistribute the
> source code to SEE, there won't be CPAN module for it. Frankly, not
> being able to see the source code to System.Data.SQLite.DLL and its
> unknown provenence (how can you trust someone you don't know) would
> cause me to worry about its level security (did he or she put in a
> back door?, did he or she make an error compiling it?, etc.).
>
I found that System.Data.SQLite.DLL is an open source project and that
library can be used in comercial or non-comercial programs.
Its home page is at:
http://sqlite.phxsoftware.com/
I read that it doesn't require .net runtime, so I think it might be ported
to work in perl also.
But until someone who knows how to do that, it can be used in .net programs
only...
Octavian
|
|
|
|
|