Topic: European Data Privacy question

Hi Dimtry,


I need some information from your side because of Data Privacy and maybe other customers in the european community too.


On May 25, 2018 the new european privacy protection law will become active, which requires "privacy by design".


This means, that I am, and regulary all european users/developer of databases, forced to store "personal" information encrypted. Personal information are widely definied and could be, for example, the contact name of a sales person on a corporate company, Employee vehicle registration No. on travel expenses.


I have three options available
- Encryption of the whole local database (which is not supported by the SQLite Engine as far as I know)
- Encrypted connection to an database server (is this supported with MySQL as far as I know)
- Encrypted fields in a database table (last time there were some problems with ANSI/UTF Chars in storing encrypted RC5 values)


For your information security officer (which is now required by EU-Privacy Protection Law) I need answers to the following questions:
- Is there any plan/option to encrypt the local SQLite Database (must be "clear" in copyright to distribute applications)?
- Will the ANSI/UTF Problem solved with the RC5 encryption?
- Is there any plan/option to encrypt the connection to MySQL - or other Database servers if you support them?
- Is there any plan/option to use AES256, Blowfish, or other strong encryption with MyVisualDatabase?
- Is there a plan or option to use stronger hash algorithm like SHA256?


Thank you for your help in advance.

Teco.

Re: European Data Privacy question

Hi,
There is a sample of encrypted sqlite database on the forum ('Full DB Encryption'). I don't remember where but you can search. To use it, you have to replace the sqlite3.dll with the one provided. There are specific commands to set a password and to connect. The topic has a MVD sample with code (very easy to set up). You only have to add this in your script :

begin
    // SQLExecute('PRAGMA rekey=''password';');
    SQLExecute('PRAGMA key = ''password';');
end.


Regards,
jihem

while(! success=retry());
https://jihem.itch.io

Re: European Data Privacy question

jihem wrote:

Hi,
There is a sample of encrypted sqlite database on the forum ('Full DB Encryption'). I don't remember where but you can search. To use it, you have to replace the sqlite3.dll with the one provided. There are specific commands to set a password and to connect. The topic has a MVD sample with code (very easy to set up). You only have to add this in your script :

begin
    // SQLExecute('PRAGMA rekey=''password';');
    SQLExecute('PRAGMA key = ''password';');
end.


Regards,
jihem

Take a look at the webpage of SQLite.
https://www.hwaci.com/sw/sqlite/see.html


The encyption is a pay-feature.


teco049 has written

- Is there any plan/option to encrypt the local SQLite Database (must be "clear" in copyright to distribute applications)?

Simply replacing is not enough. You need to spend 2000 USD for the license.


To teco049:
Seems that you are using a lot of scripts when I read your posts here.
Consider about
- Embarcadero Delphi Enterprise (encryption is included for SQLite and database servers via Firemonkey)
- Lazarus/Free Pascal (Encyption libraries on their webpage and community pages. SQLite encryption is not included, but you can use AES Libraries for various table fields - or use another desktop database engine with encryption.

Re: European Data Privacy question

Sorry for delay, I was on vacation.


In the moment I can suggest to use SQLCipher C/C++ DLL for Windows ($499 / developer)


Also you can check this example, how to encrypt data.
http://myvisualdatabase.com/forum/misc. … download=1

Dmitry.

Re: European Data Privacy question

DriveSoft wrote:

Sorry for delay, I was on vacation.


In the moment I can suggest to use SQLCipher C/C++ DLL for Windows ($499 / developer)


Also you can check this example, how to encrypt data.
http://myvisualdatabase.com/forum/misc. … download=1

Hi Dimtry,


Thank you for the information.

The encryption in the example is compatible to RC4 which is flagged as broken/unsafe.
EU requries to use encryption with a "current technical status" which means for example AES, Twofish.


The SQL Cipper for $499 seems to be better.


Any solution for MySQL Connections?


Thank you.
teco049

Re: European Data Privacy question

teco049


Please download latest beta version 4.4
https://www.dropbox.com/s/5x7vjreoju45z … a.zip?dl=0



Example how to use MySQL SSL
http://myvisualdatabase.com/forum/viewt … ?pid=25154

Dmitry.