Using credentials to access the database?


Jsparrow

Jan 7, 2015, 6:12:27 PM
to mobile-c...@googlegroups.com
I'm using the CBLite .NET package and I noticed that after creating the database, I can use an sqlite browser to simply open the .cblite file and see the contents of the database. Is there a way to set a username and password and make it so that the database can only be opened with those?

Jens Alfke

Jan 7, 2015, 6:39:02 PM
to mobile-c...@googlegroups.com

On Jan 7, 2015, at 3:12 PM, Jsparrow <regis...@gmail.com> wrote:

> I'm using the CBLite .NET package and I noticed that after creating the database, I can use an sqlite browser to simply open the .cblite file and see the contents of the database. Is there a way to set a username and password and make it so that the database can only be opened with those?

You mean you want to encrypt the database file? There's a fork of SQLite called SQLCipher that does encryption, although using it with Couchbase Lite requires some small modifications to CBL that haven't been made on the .NET side yet.

The drawback of this is that the user will have to type in a password every time they launch your app, which is annoying. (What platform is your app for?)

—Jens

Jsparrow

Jan 7, 2015, 9:38:01 PM
to mobile-c...@googlegroups.com
No, I don't mean encryption, I'm talking about having database credentials. For example, with MySQL you have database credentials and you can't access the database without providing the database username and password when you open the connection to the database. I'm aware MySQL is not an embedded database, but that was just an example. I was just wondering if Couchbase Lite had something like that; my app is a Windows application (not Windows Phone). And if cblite doesn't support credentials, the only other way to protect the contents would be encrypting, like you said.

Jens Alfke

Jan 8, 2015, 2:34:59 AM
to mobile-c...@googlegroups.com

> On Jan 7, 2015, at 6:38 PM, Jsparrow <regis...@gmail.com> wrote:
>
> No I don't mean encryption, I'm talking about having database credentials. For example, with MySQL you have database credentials and you can't access the database without providing the database username and password when you open the connection to the database.

MySQL is a server, so it can use a login to enforce access. But with an embedded database you have access to the raw data files, so the only way to protect them from being read (or modified) is to encrypt them. It's like trying to protect a text file or a Word doc from being read -- you have to encrypt it.

And encryption means a key that has to be kept secret, which means the user has to enter it as a passphrase when the app launches.

--Jens
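What "the user enters a passphrase when the app launches" can look like in a C# Windows app, as an added example that is not from this thread or from Couchbase Lite. It assumes .NET 6 or later; the `DbKey` class, the header file layout, the iteration count and the demo path are all hypothetical choices made for this sketch.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
// Added example. Header file layout (constructed here): salt(16) | iterations(int32) | check(32)
static class DbKey
{
    const int SaltLen = 16, KeyLen = 32, Iterations = 600_000; // assumed work factor
    static readonly byte[] CheckLabel = Encoding.ASCII.GetBytes("key-check");
    static byte[] Derive(string passphrase, byte[] salt, int iterations) =>
        Rfc2898DeriveBytes.Pbkdf2(passphrase, salt, iterations, HashAlgorithmName.SHA256, KeyLen);

    // First run: write salt and check value, return the 32-byte AES-256 key.
    public static byte[] Create(string headerPath, string passphrase)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen);
        byte[] key = Derive(passphrase, salt, Iterations);
        using var w = new BinaryWriter(File.Create(headerPath));
        w.Write(salt);
        w.Write(Iterations);
        w.Write(HMACSHA256.HashData(key, CheckLabel));
        return key;
    }

    // Later runs: re-derive the key and reject a wrong passphrase.
    public static byte[] Unlock(string headerPath, string passphrase)
    {
        using var r = new BinaryReader(File.OpenRead(headerPath));
        byte[] salt = r.ReadBytes(SaltLen);
        int iterations = r.ReadInt32();
        byte[] check = r.ReadBytes(32);
        byte[] key = Derive(passphrase, salt, iterations);
        if (!CryptographicOperations.FixedTimeEquals(HMACSHA256.HashData(key, CheckLabel), check))
        {
            CryptographicOperations.ZeroMemory(key);
            throw new CryptographicException("Wrong passphrase.");
        }
        return key;
    }

    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "demo.keyhdr"); // constructed path
        byte[] k1 = Create(path, "constructed demo passphrase");
        byte[] k2 = Unlock(path, "constructed demo passphrase");
        Console.WriteLine(CryptographicOperations.FixedTimeEquals(k1, k2) ? "unlocked" : "mismatch");
        try { Unlock(path, "wrong guess"); } catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

The returned 32 bytes are what the app would hand to its encryption layer as the database key. Only the salt, iteration count and check value sit on disk, so neither the executable nor the drive contains the key itself.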

Jsparrow

Jan 8, 2015, 2:55:38 PM
to mobile-c...@googlegroups.com
I see. I'll have to go with encryption then. The key can always be hardcoded in the application anyway. Thanks for the assistance.

Jens Alfke

Jan 8, 2015, 4:44:27 PM
to mobile-c...@googlegroups.com

On Jan 8, 2015, at 11:55 AM, Jsparrow <regis...@gmail.com> wrote:

> I see. I'll have to go with encryption then. The key can always be hardcoded in the application anyway. Thanks for the assistance.

That's not secure! A hacker can very easily extract the key from the app and use it to decrypt anyone's database. (This sort of thing happens all the time, sadly.)

It would be irresponsible of you to promise data security to your users and not actually deliver it. And depending on the specific situation and the country, it could be illegal. For example, if this were a healthcare related app to be used in the USA, you could be violating HIPAA regulations by providing insufficient data security.

What exactly do you need the data security for, and what sorts of attacks are you trying to prevent?

—Jens

Jsparrow

Jan 8, 2015, 10:46:24 PM
to mobile-c...@googlegroups.com
What do you mean "extract"? If I create a C# Windows application and hardcode the decryption key in a string variable (so that my app can access the contents of the db) and compile the application into an .exe file, can someone really find out the key just by using the .exe file? I know there are ways to reverse engineer applications but I don't know you could extract pieces of code like that. If they can find the key like that, does that mean that all of my C# code is available to them as well? Thank you for your concern, but the application I'm creating is for personal use only, I'm not planning on making it public. It's just an application I plan to carry around on my USB to check for new email messages and I plan to store the email credentials on the db and some other application settings. I just want to encrypt the email credentials in case I ever lose the USB drive.

Jens Alfke

Jan 8, 2015, 11:29:17 PM
to mobile-c...@googlegroups.com

On Jan 8, 2015, at 7:46 PM, Jsparrow <regis...@gmail.com> wrote:

> If I create a C# Windows application and hardcode the decryption key in a string variable (so that my app can access the contents of the db) and compile the application into an .exe file, can someone really find out the key just by using the .exe file?

Sure. It's not even stored in the code; it's in a different section of the binary where constant data goes. (I've never coded for Windows so I don't know the format of their binaries, but all executable formats work this way.) Finding an AES encryption key would be harder than finding, say, a password, because a raw key is just 32 random bytes with no detectable pattern, but you can still decompile or step through the code as the app runs, for example looking for OS calls that do decryption and checking what parameters are passed to them.

This kind of thing happens all the time. It's how people break DRM, crack copy-protected software, create cheats for online games, jailbreak phones. There are people who are very good at this and see it as a challenge — they'll crack stuff even if they don't personally care about it, just to show off.

> If they can find the key like that, does that mean that all of my C# code is available to them as well?

I don't know as much about C#, but compiled Java code is easily decompiled. The output looks almost exactly like the original source code except that some names are lost (local variables, I think) and of course there aren't any comments.

> I just want to encrypt the email credentials in case I ever lose the USB drive.

Just encrypt the filesystem on the drive, if Windows supports that.

—Jens

Mike Rhodes

Jan 10, 2015, 4:05:55 AM
to mobile-c...@googlegroups.com
On Friday, 9 January 2015 04:29:17 UTC, Jens Alfke wrote:
> > If they can find the key like that, does that mean that all of my C# code is available to them as well?
>
> I don't know as much about C#, but compiled Java code is easily decompiled. The output looks almost exactly like the original source code except that some names are lost (local variables, I think) and of course there aren't any comments.

I can confirm C# is just as easy to decompile as Java. Though if someone were determined enough, the bytecode is an easy enough read :)

Seconding Jens's suggestion of just encrypting the disk in this case.

Mike.

Jsparrow

Jan 10, 2015, 12:50:44 PM
to mobile-c...@googlegroups.com
Oh, I see. I didn't know that. Thanks for the explanation. I guess I'll just encrypt the filesystem then as you suggested.

ja...@apx-labs.com

Jan 20, 2015, 1:32:11 PM
to mobile-c...@googlegroups.com

What are the "small modifications to CBL" that you know need to be done? Has anyone started work on them?

I ask because I really am looking to use SQLCipher with couchbase-lite-net. Looking at the source, I notice that couchbase-lite-net uses SQLitePCL.raw, but SQLCipher implements the sqlite-net and Mono.Data.Sqlite APIs. I could make a new implementation of the ISQLiteStorageEngine that uses the sqlite-net API instead of the SQLitePCL.raw API, and then it would be easy to use either SQLCipher or sqlite-net-pcl within couchbase-lite-net. (sqlite-net-pcl uses SQLitePCL.raw underneath).

Would that be the ideal approach?

~James

Jens Alfke

Jan 20, 2015, 3:24:15 PM
to mobile-c...@googlegroups.com

On Jan 20, 2015, at 10:32 AM, ja...@apx-labs.com wrote:

> What are the "small modifications to CBL" that you know need to be done? Has anyone started work on them?

In the iOS implementation you can find the changes in the feature/encryption branch.

The SQL changes are pretty simple; they’re in commit a8e98bf6. It took more work to implement encryption of attachments, because those are stored as individual files outside the database, which need to be individually encrypted/decrypted using AES-256.

—Jens