iOS中的SQLite安全性 [英] SQLite Security in iOS

问题描述

我正在开发使用sqllite db的应用程序.我想为数据库提供安全性.有什么方法可以为SQLite DB提供安全性，从而使任何人都无法通过入侵设备或其他方式读取它.

I am developing app, which uses sqllite db. I want to provide security to DB. Is there any ways to provide security to SQLite DB so that no one can read it by hacking device or something else.

我们应该提供任何加密还是苹果提供自己的安全性?哪些方法可以提供应用数据库安全性?

Should we provide any encrytion or apple provides their own security? Which are ways to provide app DB security?

谢谢

推荐答案

@Quentin的评论是正确的-只要有人对您的设备具有物理访问权限，破解它只是时间问题.但是，您可以将这段时间花很长时间以至于不值得.

@Quentin's comment is right - as long as someone has physical acces to your device, it's only a matter of time until it's cracked. However, you can make that amount of time take so long that it's not worth it.

如果要加密数据库，则解密密钥也必须存储在设备上(假设您希望它脱机工作).您可以使用钥匙串来存储此钥匙-然后他们必须破解 iPhone的钥匙串，然后他们才能访问您的数据.

If you were to encrypt your database, the decryption key would also have to be stored on the device (assuming you want it to work offline). You could use the keychain to store this key - then they have to crack the iPhone's keychain before they can get access to your data.

另一种替代方法是仅让您的应用程序在线运行-将密钥存储在服务器上，并在将密钥传递回应用程序之前让用户登录并进行身份验证.这需要您多做一些工作，但是可以确保密钥和数据存储在不同的位置.

The other alternative is to only let your app work while online - store the key on your server and have the user login and authenticate before you pass the key back to the app. This s a bit more work from you but will ensure that the key and the data are stored in different locations.

最后(也是最安全的)，您可以将所有内容存储在服务器上-这样，您就可以自己控制数据和密钥，并且防盗不会有丝毫差别.但是，如果您的数据集很大，则可能会使应用程序的用户界面更加复杂.而且，它显然不能离线运行:)

Finally (and most securely), you could store everything on your server - that way you control the data nd the key yourself and deice theft won't make the slightest bit of difference. however, if your data set is big this might make the ui of your app more complicated. And it won't work offline, obviously :)

这篇关于iOS中的SQLite安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！