Android Sqlite 数据库安全
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3140230/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Sqlite database security
提问by Chandana
I'm developing an application which will be storing user sensitive data. My issue is using other applications that a user can view that stored data with. Then I need to provide better security for the data in general.
我正在开发一个将存储用户敏感数据的应用程序。我的问题是使用用户可以查看存储数据的其他应用程序。然后我需要为数据提供更好的安全性。
Is there any way to provide better security for SQLite database and tables?
有什么方法可以为 SQLite 数据库和表提供更好的安全性?
采纳答案by Jay
The author of sqlite offers a version that encrypts data. It's not free though
sqlite 的作者提供了一个加密数据的版本。虽然不是免费的
回答by Shade
Encrypt your data before you enter it in the database. As far as I know, the SQLite database is kept in a single file somewhere in the /data/ directory. What is more, your data is kept in plain text format. This means that it will always be possible for someone to extract that data by rooting the phone, obtaining the .db SQLite file and opening it with a text editor.
在将数据输入数据库之前对其进行加密。据我所知,SQLite 数据库保存在 /data/ 目录中某处的单个文件中。更重要的是,您的数据以纯文本格式保存。这意味着某人始终可以通过将手机设为 root、获取 .db SQLite 文件并使用文本编辑器打开来提取该数据。
So, encrypt your data :)
所以,加密你的数据:)
-- Okay, maybe not a text editor, but a simple hex editor. Anyways...
-- 好吧,也许不是文本编辑器,而是一个简单的十六进制编辑器。无论如何...
回答by Markus Junginger
Check out SQLCipher for Android. It's free (Apache 2 and BSD licences).
查看适用于 Android 的 SQLCipher。它是免费的(Apache 2 和 BSD 许可证)。
PS.: Some ORMs also support SQLCipher now, e.g. our greenDAO.
PS.:一些 ORM 现在也支持 SQLCipher,例如我们的greenDAO。
回答by ryangavin
You could encrypt the data using a user specific salt retrieved from your server. That way, even with root access you would need the users salt to decrypt the database. Since you have control over the salt you provide an extra layer of security, however, your user will always need a network connection to access their data.
您可以使用从您的服务器检索到的特定于用户的盐来加密数据。这样,即使具有 root 访问权限,您也需要用户 salt 来解密数据库。由于您可以控制盐,因此您提供了额外的安全层,但是,您的用户将始终需要网络连接来访问他们的数据。
回答by Ben
why are you keeping sensitive data on the phone? If its sensitive, why not send it back to the server where you have control over things. If the user roots their phone, they can basically do what they want. Other than that, encrypting like Shade mentioned would probably be your only option...
为什么要在手机上保存敏感数据?如果它很敏感,为什么不将它发送回您可以控制事物的服务器。如果用户root了他们的手机,他们基本上可以为所欲为。除此之外,像Shade提到的加密可能是你唯一的选择......
回答by Riz
Good way to protect the the Database is to use the password Protected database and you can create it by using
保护数据库的好方法是使用密码 Protected 数据库,您可以使用
1- android Sql3 wrapper library
1- android Sql3 包装库
2- libsqlite3_jni.so
2- libsqlite3_jni.so
also please read the article below are make your search on the option above, i hope this would help much.
也请阅读下面的文章,对上面的选项进行搜索,我希望这会有所帮助。
