lansdon / cpts483_drc

WSU CPTS483 - Dispute Resolution Center (DRC)

DB - Encryption #15

Open ghost opened 10 years ago

ghost commented 10 years ago

Currently this is on the back-burner, but will eventually be an issue that we may need to address as any individual with a SQLITE Database Viewer can see all the information in the .db file.

plithnar commented 10 years ago

If the encryption is taken care of in the GUI itself though, the db is storing the encrypted password and the "login check" compares the encrypted password the user types to the encrypted one we have stored. Being able to read the encrypted password in plain text shouldn't help a hacker, right?


On Jun 12, 2014, at 12:53 AM, Artezul notifications@github.com wrote:

Currently this is on the back-burner, but will eventually be an issue that we may need to address as any individual with a SQLITE Database Viewer can see all the information in the .db file.


wilkinscs commented 10 years ago

That is for passwords, but the DB is storing other information which is potentially sensitive like addresses and phone numbers. There is probably a way to encrypt the whole database without causing the DB programmers much pain. Maybe something like this: http://www.sqlite.org/see/doc/trunk/www/readme.wiki
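The two points raised in this thread, as an added example that is not code from this project or from any commenter: the login check compares a stored password value against one recomputed from what the user types, while the other columns stay readable to anyone who opens the .db file. It uses salted PBKDF2 hashing in place of the "encrypted password" described above; the schema, function names, iteration count and sample rows are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted, slow hash; the stored value is not reversible."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def create_db() -> sqlite3.Connection:
    # Hypothetical schema; the project's real tables are not shown on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users "
               "(name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB, phone TEXT)")
    return db


def add_user(db, name, password, phone):
    salt = os.urandom(16)  # per-user salt so equal passwords hash differently
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               (name, salt, hash_password(password, salt), phone))


def check_login(db, name, password) -> bool:
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(hash_password(password, salt), stored)


def viewer_dump(db):
    """What anyone opening the .db file in a SQLite viewer can read."""
    return db.execute(
        "SELECT name, pw_hash, phone FROM users ORDER BY name").fetchall()


def demo() -> sqlite3.Connection:
    db = create_db()
    add_user(db, "alice", "correct horse", "555-0100")  # constructed sample rows
    add_user(db, "bob", "correct horse", "555-0101")
    return db
```

Calling `viewer_dump(demo())` returns the phone numbers verbatim next to opaque hash bytes, which is the gap the last comment describes: hashing covers the password column only.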