在C#中加密SQLite数据库 [英] Encrypt SQLite database in C#
问题描述
有诸如 SQLite加密扩展程序和 SQLite Crypt ,但都是非免费的,而我的项目是在GPL下。
我以前使用的朴素方法是让SQLite处理一个临时文件,然后在程序退出时对其进行加密,并覆盖(零)原始文件。明显的缺点是如果程序崩溃(正在运行),则可以访问纯文本DB。
有更好的方法来处理吗?我可以将加密的流传递给包装器(而不是使用SQLiteConnection.CreateFile)?
也许我正在反思这个。在连接字符串中使用密码选项是否足够?在这种情况下,文件是否被正确加密(或者是较弱的保护)?
我建议使用System.Data .Sqlite包装器,其中包括加密。它的功能非常好,使用起来很简单,它是一个完整的ADO.Net实现。您可以从 http://sqlite.phxsoftware.com/ 获取包装器,开发人员将介绍如何使用他论坛上的加密: http://sqlite.phxsoftware.com/forums/t/ 130.aspx 。提示 - 您只需设置密码属性。他还介绍了他在论坛其他地方如何使用Microsoft Crypto API进行加密。
What is the best approach to encrypting a SQLite database file in .Net/C#? I'm using sqlite-dotnet2 wrapper.
There are tools like SQLite Encryption Extension and SQLite Crypt, but both are non-free, while my project is under GPL.
The naive approach I thought of using was to let SQLite handle a temporary file, then to encrypt it on program exit, and overwrite (zero-out) the original. The obvious drawback is that if program crashes (and while it is running), the plain text DB is accessible.
Is there a better way to approach this? Can I pass an encrypted stream to the wrapper (instead of using SQLiteConnection.CreateFile) ?
[edit] Maybe I am overthinking this. Is is sufficient to use Password option in the connection string? Would the file be encrypted properly in that case (or is it some weaker protection)?
I recommend using the System.Data.Sqlite wrapper, which includes encryption. It works great, it's easy to use, and it's a complete ADO.Net implementation. You can get the wrapper from http://sqlite.phxsoftware.com/, and the developer describes how to use the encryption on his forum at: http://sqlite.phxsoftware.com/forums/t/130.aspx. Hint - you just set the password property. He also describes how he does the encryption using the Microsoft Crypto API elsewhere in the forum.
这篇关于在C#中加密SQLite数据库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
