I have a sqlite3 db which I insert/select from in Python. The app works great but I want to tweak it so no one can read from the DB without a password. How can I do this in Python? Note I have no idea where to start.
9
You can use SQLCipher.
http://sqlcipher.net/
Open Source Full Database Encryption for SQLite
SQLCipher is an SQLite extension that provides transparent 256-bit AES encryption of database files. Pages are encrypted before being written to disk and are decrypted when read back. Due to the small footprint and great performance it’s ideal for protecting embedded application databases and is well suited for mobile development.
Fast performance with as little as 5-15% overhead for encryption on many operations
100% of data in the database file is encrypted
Uses good security practices (CBC mode, key derivation)
Zero-configuration and application-level cryptography
Broad platform support: works with C/C++, Obj-C, QT, Win32/.NET, Java, Python, Ruby and others on Windows, Linux, iPhone/iOS...
2
A list of Python encryption examples.
2
As Frontware suggests, you can use sqlcipher.
The pysqlcipher Python package can make it easier to use, since it uses the sqlcipher code amalgamation to compile the extension.
It should be just a matter of using pysqlcipher as you would use regular sqlite.dbapi2, just setting the right crypto pragmas.
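As an added example (not from the original answer), one way to set the key pragma through any DB-API module and then confirm that the file on disk is really encrypted. The helper names are hypothetical and the `pysqlcipher3` import is an assumption about which SQLCipher binding is installed; with the stock `sqlite3` module `PRAGMA key` is silently ignored, which is exactly the failure the check catches.

```python
import os
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every plaintext SQLite file


def is_plaintext_sqlite(path):
    """True if the file starts with the standard, unencrypted SQLite header."""
    with open(path, "rb") as fh:
        return fh.read(16) == SQLITE_MAGIC


def open_keyed(dbapi, path, passphrase):
    """Open `path` with any DB-API module and key it before first use."""
    conn = dbapi.connect(path)
    # PRAGMA takes no bound parameters, so quote the passphrase as an SQL
    # string literal by doubling embedded single quotes.
    conn.execute("PRAGMA key = '%s'" % passphrase.replace("'", "''"))
    return conn


def create_and_verify(dbapi, path, passphrase):
    """Write one row, then report whether the file on disk is really encrypted."""
    conn = open_keyed(dbapi, path, passphrase)
    conn.execute("CREATE TABLE IF NOT EXISTS notes (body TEXT)")
    conn.execute("INSERT INTO notes VALUES (?)", ("constructed secret",))
    conn.commit()
    conn.close()
    return not is_plaintext_sqlite(path)


if __name__ == "__main__":
    try:
        # Assumption: a SQLCipher binding is installed under this name.
        from pysqlcipher3 import dbapi2 as dbapi
    except ImportError:
        dbapi = sqlite3  # stock module: PRAGMA key is a silent no-op
    path = os.path.join(tempfile.mkdtemp(), "app.db")
    encrypted = create_and_verify(dbapi, path, "it's a passphrase")
    print(dbapi.__name__, "-> encrypted on disk:", encrypted)
```

Running the check once after deployment catches the case where the application was accidentally built against plain SQLite and is writing an unencrypted file.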
1
SQLite databases are pretty human-readable, and there isn't any built-in encryption.
Are you concerned about someone accessing and reading the database files directly, or accessing them through your program?
I'm assuming the former, because the latter isn't really database related--it's your application's security you're asking about.
A few options come to mind:
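Use file-system permissions rather than encryption to protect the database. You haven't mentioned what your environment is, so I can't say whether this will work for you, but it's probably the simplest and most reliable way, since you can't attempt to decrypt what you can't read.
Encrypt in Python before writing, and decrypt in Python after reading. Fairly simple, but you lose most of the power of SQL's set-based matching operations.
Switch to another database; user authentication and permissions are standard features of most multi-user databases. When you find yourself up against the limitations of a tool, it may be easier to look around at other tools rather than hack new features into the current tool.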
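The file-permission option above, as an added example that is not part of the original answer: create the database owner-only on a POSIX system, audit the database and the side files SQLite may create next to it, and show that row data is readable as plain bytes by anyone who can open the file. Function names, the table and the token value are constructed for illustration.

```python
import os
import sqlite3
import stat
import tempfile

SIDE_SUFFIXES = ("", "-journal", "-wal", "-shm")  # files SQLite may create next to the DB


def create_private_db(path):
    """Create the database file as 0600 before SQLite opens it, then connect."""
    # O_EXCL refuses to reuse a file someone else pre-created with looser modes.
    fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_RDWR, 0o600)
    os.close(fd)
    return sqlite3.connect(path)


def loose_files(path):
    """Return the DB and side files that group or other users can access."""
    found = []
    for suffix in SIDE_SUFFIXES:
        name = path + suffix
        if os.path.exists(name) and os.stat(name).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            found.append(name)
    return found


def raw_file_contains(path, needle):
    """Show why permissions matter: row data sits in the file as plain bytes."""
    with open(path, "rb") as fh:
        return needle in fh.read()


def demo():
    path = os.path.join(tempfile.mkdtemp(), "app.db")
    conn = create_private_db(path)
    conn.execute("CREATE TABLE users (name TEXT, token TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", "constructed-token-123"))
    conn.commit()
    conn.close()
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return path, mode, loose_files(path), raw_file_contains(path, b"constructed-token-123")


if __name__ == "__main__":
    print(demo())
```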
1
I had the same problem. My application may have multiple instances running at the same time. Because of this, I can't just encrypt the sqlite db file and be done with it. I also don't believe that encrypting the data in python is a good idea, as you can't do any serious data manipulation in the database with it in this state.
With those constraints in mind, I have come up with the following two solutions:
1) Use the aforementioned SQLCipher. The problems I see here are that I will have to write my own bindings for Python, and compile it myself (or pay the fee). I might do this in either case as it would be a great solution for other Python developers out there. If I succeed, I will post back with the solution.
2) If option 1 is too difficult for me, or too time-consuming, I will use this method. This method is not as secure. I will use pycrypto to encrypt the database file. I will implement a SQL "server" which will decrypt the database file, then handle requests from various clients. Whenever there are no outstanding requests, it will re-encrypt the database. This will be slower overall, and leave the database in temporary decrypted states.
Hope these ideas help the next guy.
EDIT 1/13/2013
I gave up on SQLCipher because I couldn't seem to get it to compile, and the code base is trying to use OpenSSL, which, while a sound library, is a pretty massive code base for simple AES 128.
I found another option, wxSQLite3, and I found out how to separate out just the SQLite encryption piece: https://github.com/shenghe/FreeSQLiteEncryption. I was able to get this to compile and work (with the latest version of SQLite3). wxSQLite3 also supports AES 256, which is really cool. My next step is going to be to attempt to compile pysqlite (which is the sqlite library that comes built into Python) with the modified sqlite3.dll. If that works, I'll tweak pysqlite to support the extended encryption piece of wxSQLite3's sqlite3.dll. In any case, I'll try to update this thread with my results, and if successful, I'll post the final code base, with build instructions, on Github.