如何在iOS中保护SQLite数据库？ [英] How Should I Secure a SQLite Database in iOS?

问题描述

我正在开发一款医疗保健iOS应用程式。我想要我的用户的数据加密，如果他们的iPhone被盗，小偷将无法访问他们的健康信息。合法的所有者应该能够访问其信息（与这个问题不同） a>）。

I'm developing a healthcare iOS app. I'd like my users' data to be encrypted so if their iPhone is stolen, the thief won't be able to access their health info. The rightful owner SHOULD be able to access their information (so different than this question).

我正在考虑使用 SQLCipher 加密

这是一个很好的技术吗？

Is this a good technique?

我理解正确 - 因为一切都在设备上 - 一个确定的黑客将能够打破，无论什么？

Also, do I understand correctly that--since everything is on the device--a determined hacker will be able to break in no matter what?

推荐答案

我认为你的解决方案使sens。

I think that your solution make sens. It gives quite good security and keep your app simple to use.

您使用keychain的主要原因是用户备份是安全的，因为keychain内容不支持与iphone。 （但我猜你已经知道了）

The main thing you are geting with keychain is that the user backups are secured because keychain content isn't backed up with iphone. (But I guess you know that already)

但是这是巨大的安全加上，因为潜在的黑客将必须获得物理访问的iphone。此外，如果iphone被pin阻塞，很可能只有快速的方式来获取数据是物理访问设备的闪存，这不是最容易做的事情。

But this is huge security plus as the potential hacker will have to get physical access to the iphone. Moreover if the iphone is blocked by pin it is likely that the only quick way to get the data out is to physically access the flash memory of the device which isn't the easiest thing to do.

说实话，如果你强迫他们输入长密码，我不相信用户会使用你的应用程序。如果你让他们使用他们喜欢的任何密码，黑客将能够打破数据库加密使用字典攻击。

To be honest I don't believe that users will use your app if you force them to enter long passwords. And if you let them use any password their like, hackers will be able to break the database encryption using dictionary attack.

这篇关于如何在iOS中保护SQLite数据库？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！