Android的:如何保护数据在SQLite数据库? [英] Android: how to protect data in a SQLite database?
问题描述
我目前正在开发一个Android游戏,将数据保存到一个SQLite数据库。这是不是真的敏感的数据,但我不希望用户能够为修改它(对游戏平衡的原因很明显,因为这将是作弊)。而且它很容易访问和修改一个SQLite数据库的当你的手机是植根(也有大量的应用,在市场上)。
I'm currently developing an Android game which saves data into a SQLite database. This is not really "sensitive" data, but I don't want users to be able to modify it (for obvious reasons of game balance, as it would be cheating). And it's quite easy to access and modify a SQLite db when your phone is rooted (there are plenty of applications for that in the market).
所以要我甚至担心,或考虑用户带来了根深蒂固的手机可以为所欲为,包括作弊,这就是他们的选择?或者可能我莫名其妙的加密我不想让他们修改或添加 MD5校验或类似的数据?
So should I even worry about that, or consider users with a rooted phone can do whatever they want including cheating and that's their choice? Or could I somehow encrypt the data I don't want them to modify, or add a MD5 checksum or something similar?
另一种方法是完全放弃SQLite的,并使用某种形式的二进制文件与游戏数据。
Another approach would be to abandon SQLite altogether and use some kind of binary files with game data.
请让我知道你们当中有些人已经遇到了类似的问题,什么是在Android游戏开发社区,你遵循的方法,以及在良好做法。
Please let me know if some of you already encountered similar issues, and what are the approaches you followed, as well as the "good practices" in the Android gaming development community.
感谢。
推荐答案
为大家和安全Root权限是互斥的。
Root access for everybody and security are mutually exclusive.
任何应用程序或用户具有root权限的用户可以读取的并修改的每一个系统上的文件,以及所有的主内存。一点不假很多地方来存储一个潜在的加密密钥数据库。
Any application or user with root permissions can read and modify each and every file on your system, as well as all of the main memory. That doesn't leave many places to store a potential encryption key for the database.
您可以隐藏关键的可执行文件,配置文件等部位,但一切你能想出会比模糊处理,安全通过隐藏罢了。
You could hide parts of the key in the executables, configuration files etc, but everything you could come up with would be nothing more than obfuscation and security by obscurity.
如果一个用户选择,以获得root权限给大家,这是他们的决定,这不是你的工作,作为一个应用程序开发人员prevent可能造成的任何伤害。
If a user opts to grant root access to everybody, that's their decision, and it's not your job as an app developer to prevent any harm that might be caused.
更新: <一href="http://stackoverflow.com/questions/4671859/storing-api-keys-in-android-is-obfustication-enough">Storing在Android的API密钥,是obfustication足够是pretty的类似的问题? - 它是关于保护API密钥,但是它与问候你选择了同样的情况。
Update: Storing API keys in Android, is obfustication enough? is a pretty similar issue - it's about protecting API keys, but it's the same situation with regards to your options.
这篇关于Android的:如何保护数据在SQLite数据库?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
