how to set password to sqlite db in Xamarin?

How to set password to sqlite db?

Answers

  • GlennStephens.8241 AU Xamarin Team, University, XamUProfessors, Developer Group Leader Xamurai

    Hi Pradnya,

    You may have to use a third-party option for security for Sqlite as several of the libraries that provide the security are licensed. The one that is most used by Xamarin is https://components.xamarin.com/view/sqlcipher-for-xamarin-ios and you can download it and try it to see if it works for you.

    Thanks,
    Glenn

  • Pradnya.9857 US University ✭✭

    Thank you, I will try it.

  • rene_ruppert DE Xamarin Team, University, XamUProfessors Xamurai

    To my knowledge there is no way to support password protected Sqlite DBs out of the box. But as so often, my first question to you is: why do you want to add a password protection to your DB?

    I see two scenarios:

    • You want to protect your DB from being easily accessed by a third party tool.
    • Your app contains highly sensitive data.

    For the first case, I would not bother with any protection measures. Mobile apps are already sandboxed. If somebody gets to the point where they can access your DB file, they will most probably also be able to grab the password from your application code.

    Second case is a different topic. But there, you don't want password protection but proper encryption.

    To fully encrypt your database:

    • Use libs like PCLCrypto to encrypt your DB file and decrypt the entire file on demand and then encrypt it again afterwards.
    • Use SqlCipher to encrypt the DB at page level.

    Disadvantage of first option is that at some point there is an unencrypted version of your DB hanging around in the file system and there's a chance it won't be deleted if your app exits.

    Another option is to encrypt only the relevant data in your database. Typically not everything is sensitive data but only parts. For instance, let's say you have a table that stores user IDs, user names and credit card numbers. User ID and name are not necessarily sensitive (although this is arguable - but for the sake of this example it'll do :-)), but the credit card number certainly is. You could now encrypt the credit card number if you write it to the DB and decrypt it if you read it, again using PCLCrypto or another encryption method. Main problem here is: you cannot query for the credit card numbers and the added process of encryption/decryption slows operations down.

    In all cases: as long as the password/key is stored inside your app, the whole protection does not make a lot of sense. If your app is PIN protected and the PIN is used as part of the key, then that's secure.

    And final words: protecting data is hard. It's easy to get it done wrong. You should always try to not store anything sensitive on the device.
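
An added example, not code from this thread or from any library named in it: the field-level option with a PIN-derived key, as described in the post above, written in C# with standard .NET classes (PBKDF2, AES-CBC, HMAC-SHA256) in place of PCLCrypto. The class name `FieldCrypto`, the blob layout and the iteration count are assumptions chosen for illustration.

```csharp
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class FieldCrypto // hypothetical helper, not from the thread
{
    // PBKDF2 over the user's PIN. Only the random salt is stored; PIN and keys are not.
    // 64 bytes out: [0..31] AES-256 key, [32..63] HMAC-SHA256 key. Iteration count is an assumption.
    public static byte[] DeriveKeys(string pin, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(pin, salt, 200000, HashAlgorithmName.SHA256))
            return kdf.GetBytes(64);
    }

    // Blob layout: IV (16) || AES-CBC ciphertext || HMAC tag (32), i.e. encrypt-then-MAC.
    public static byte[] Encrypt(string plaintext, byte[] keys)
    {
        using (var aes = Aes.Create())
        using (var mac = new HMACSHA256(keys.Skip(32).ToArray()))
        {
            aes.Key = keys.Take(32).ToArray();
            aes.GenerateIV(); // fresh IV per value: equal plaintexts give different blobs
            byte[] data = Encoding.UTF8.GetBytes(plaintext);
            using (var enc = aes.CreateEncryptor())
            {
                byte[] body = aes.IV.Concat(enc.TransformFinalBlock(data, 0, data.Length)).ToArray();
                return body.Concat(mac.ComputeHash(body)).ToArray();
            }
        }
    }

    // Verifies the tag before decrypting; a wrong PIN or a modified blob fails here.
    public static string Decrypt(byte[] blob, byte[] keys)
    {
        if (blob.Length < 64) throw new CryptographicException("Blob too short.");
        byte[] body = blob.Take(blob.Length - 32).ToArray();
        using (var mac = new HMACSHA256(keys.Skip(32).ToArray()))
        {
            byte[] expected = mac.ComputeHash(body);
            int diff = 0; // constant-time tag comparison
            for (int i = 0; i < 32; i++) diff |= expected[i] ^ blob[body.Length + i];
            if (diff != 0) throw new CryptographicException("Wrong PIN or tampered data.");
        }
        using (var aes = Aes.Create())
        using (var dec = aes.CreateDecryptor(keys.Take(32).ToArray(), body.Take(16).ToArray()))
            return Encoding.UTF8.GetString(dec.TransformFinalBlock(body, 16, body.Length - 16));
    }
}
```

Generate the salt once with `RandomNumberGenerator` (at least 8 bytes), store it next to the database, and call `DeriveKeys` after the user enters the PIN; the returned blob goes into a BLOB column. Because every blob carries its own random IV, an equality query on the encrypted column cannot match, which is the querying limitation the post mentions.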
