SQLite Security And SQLCipher

SQLite is a light weight relational database management system (RDBMS) that is used by many applications.  Unfortunately, your data is not secure and can be read by anyone who has access to your SQLite database.

TCL (Tool Command Language) makes writing SQLite database applications a relatively simple chore where I can focus more so on the application itself.  For this reason and that SQLite is freely available and highly supported, I often prefer to use an SQLite database solution.

Although Microsoft’s SQL Server is typically our RDBMS of choice, having a secure database could well extend where SQLite can be deployed for more data sensitive applications.

Data Security Solutions

The SQLite site offers several Professional Support and Extension Products.  For a nominal one time fee you can purchase a license for the SQLite Encryption Extension that provides the added ability to read / write AES-encrypted databases.

Additional licensing options are available and include the “Compressed and Encrypted Only Database (CEROD)” license to read encrypted and compressed databases and the “ZIPVFS Read/Write Compressed Database Extension” license to automatically compress and encrypt data as it is written and decompress data and decrypt data as it is read.

The above options require a significant financial commitment, however, SQLCipher by Zetetic LLC provides a level of security that may give you cause to consider using SQLite for some of your more sensitive and smaller scale applications for a much lower (or free) price.

SQLCipher offers a variety of paid licensing options, however, according to the Open Source web page:  “SQLCipher Community Edition can be used in both open and closed source commercial software, but you must include our BSD-style license and copyright statements prominently in the application and documentation.

SQLite is one of many database options available to you as a developer.  Use your discretion when choosing which tools will best support and meet the requirements demanded by your application.

Until Next Time – STAY lean!

Versalytics

Related Articles and Resources

SQLite Web Security – SQLite.org

SQLCipher Extension for SQLite – GitHub – Latest release 3.4.2 – December, 2017.

How to Compile And Use SEE – SQLite.org

 

Advertisements

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.