Topic: Encryption SQLite ?

Hi,

maybe I am unable to find it...
Is there a possibility to encrypt the SQLite Datebase complete or specific records on it?

Maybe something like

encyptAES(string:Passwort;var:Content):string

which could be used like

string enctext = encryptAES("ABC", "This is a very secret text")

string StrPassword = "123"
string enctext = encryptAES(StrPassword, File:\\temp\Image_From_ExWife.jpg)

I want to store credit card numbers encrypted in a database.

Re: Encryption SQLite ?

Hello lostdb,


As far as I known (wait for Dmitry's confirmation) there is no (not yet) encryption methods included in MVD.


The only available security method available right now is MD5, but this is not encryption, this is hash, and it can not be decrypted.


This can nonetheless be used to store passwords for example. You can not recover it, but you can check if the hash are the same.

1- save the password with MD5 :

procedure Form1_Button1_OnClick (Sender: string; var Cancel: boolean);
var
    login, pwd : String;
begin
    login := Trim(Form1.Edit1.Text);
    pwd := StrToMD5(Trim(Form1.Edit2.Text));
    SQLExecute('INSERT INTO users(login, password) VALUES("'+login+'","'+pwd+'")');
end;

The TRIM command is there just to get ride of whitespaces, and I warn the user that they are stripped.


2- comparing passwords on the login form :

procedure frmLogin_btLogin_OnClick (Sender: string; var Cancel: boolean);
var
    login, pwd, legit_pwd : String;
begin
    login := Trim(frmLogin.Edit1.Text)
    pwd := Trim(frmLogin.Edit2.Text)

    legit_pwd := ('SELECT pwd FROM users WHERE users.login = "'+login+'"');
        if StrToMD5(pwd) = legit_pwd then.... //some awesome code of course
end;

The password is not decrypted or unashed, we just compare if the hashed version of the password the user typed is is equal to the stored hashed password.


I guess you could store credit card numbers with such a method if you don't need to recover them, but just check for their validity when the user typed it a second time. If you really need to encrypt/decrypt, that's another thing.


Cheers


Math

I'm a very good housekeeper !
Each time I get a divorce, I keep the house

Zaza Gabor

Re: Encryption SQLite ?

Dear Math,
I need to decrypt the information / Credit card number.

We have virtual credit cards for online purchasing and need store the information encypted.
We have other databases which need to be upgraded to a more current plattform. They have also encrypted information. Hash is not suitable for us.

Thank you
lostdb

Re: Encryption SQLite ?

lostdb
Check out this example:
http://myvisualdatabase.com/forum/misc. … download=1



Anyway it's not good idea to store credit card number in a local database, you should use MySQL client-server database, to prevent access to whole database file. Also you should use SSL connection:
http://dev.mysql.com/doc/refman/5.7/en/ … tions.html


But in the current version MVD not support SSL connection. Maybe you should use more advanced tool to provide more security of data.

Dmitry.