加密将捆绑在pyexe文件中的Sqlite数据库文件 [英] Encrypting a Sqlite db file that will be bundled in a pyexe file

问题描述

我一直在努力开发此分析工具，以帮助解释和分析包装中捆绑的数据库。对于我们而言，以只能通过我们的软件访问的方式保护数据库安全非常重要。用Python实现它的最佳方法是什么？

I have been working on developing this analytical tool to help interpret and analyze a database that is bundled within the package. It is very important for us to secure the database in a way that can only be accessed with our software. What is the best way of achieving it in Python?

我知道可能没有确定的解决方案，但是威慑才是真正重要的。

I am aware that there may not be a definitive solution, but deterrence is what really matters here.

非常感谢你。

推荐答案

这个问题大约每个月出现在SQLite用户邮件列表中。

This question comes up on the SQLite users mailing list about once a month.

无论您进行多少加密等操作，如果数据库在客户端计算机上，则解密的密钥有时也会在计算机上。攻击者将能够获得该密钥，因为它是他们的机器。

No matter how much encryption etc you do, if the database is on the client machine then the key to decrypt will also be on the machine at some point. An attacker will be able to get that key since it is their machine.

一种更好的看待方式是金钱–坏人需要多少钱花费以获取数据。通常最多是几百美元。只需一个人就能获得密钥，然后他们便可以为每个人发布数据库。

A better way of looking at this is in terms of money - how much would a bad guy need to spend in order to get the data. This will generally be a few hundred dollars at most. And all it takes is any one person to get the key and they can then publish the database for everyone.

因此，要么像Donal提到的那样去使用Web服务，要么就可以花几分钟混淆数据库。例如，如果您使用APSW，则可以在几行中编写VFS，以对数据库内容进行XOR，以便常规SQLite无法打开它，文件查看器也不会显示正常的SQLite标头。 （APSW中有示例代码显示了如何执行此操作。）

So either go for a web service as mentioned by Donal or just spend a few minutes obfuscating the database. For example if you use APSW then you can write a VFS in a few lines that XORs the database content so regular SQLite will not open it, nor will a file viewer show the normal SQLite header. (There is example code in APSW showing how to do this.)

因此，任何拥有数据库内容的人都必须有意识地这样做。

Consequently anyone who does have the database content had to knowingly do so.

这篇关于加密将捆绑在pyexe文件中的Sqlite数据库文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！