Re: Encryption: Simplest method to encrypt a SQLite DB file...? {iPhone}
Re: Encryption: Simplest method to encrypt a SQLite DB file...? {iPhone}
- Subject: Re: Encryption: Simplest method to encrypt a SQLite DB file...? {iPhone}
- From: Jean-Daniel Dupas <email@hidden>
- Date: Fri, 23 Jan 2009 18:37:32 +0100
Le 23 janv. 09 à 17:41, email@hidden a écrit :
Environment: iPhone
I'm particularly concerned with 'data viewing'.
Think of the data as answers to a quiz. I worry that some
hacker could copy & distribute the data (rules) on the internet, and
in essence,
cheat the game.
Being that "... iPhone is far more restrictive towards tampering...",
Is it still possible to grab the SQLite DB file from the bundle to
view its (uncoded) data?
Yes. If you want to prevent reading, you cannot count on the signing
system.
Note that you mention that you want to update the DB. If by that you
mean, updating the DB and stored the new version in your bundle
resources, this is not a good idea.
It will break your signature, and will fail if the user does not have
appropriate privileges.
If not, then there's no need to encrypt the SQLite DB file within
the App Bundle.
Ric.
On 01/23/2009 07:44 Jean-Daniel Dupas wrote ..
Le 23 janv. 09 à 16:10, email@hidden a écrit :
I would like to:
1) Encrypt/Encode a SQLite DB file from the command line (or via an
application) and
2) De-Encrypt/Decode the same SQLite DB from within Cocoa/iPhone via
a key of some sort.
Scenario:
I'm developing a game using data values stored within a SQLite DB
file. I don't want hackers
to pry into the DB file and cheat the game; yet I need to
occasionally update the SQLite DB file via
importing MS Excel data.
I'm thinking of encypting the DB file that is stored with the
Application Bundle, then programmatically
de-code it within a working directory to glean the contents; then
remove the de-coded SQLite DB file.
So the game data is stored as an encrypted SQLite DB file within
the bundle, to be de-encrypted upon
game startup to load the environment variables.
If this is an iPhone app, it should be signed, and AFAK, the iPhone
is <-- 'AFAK' ?
far more strict than Mac OS with tempered applications.
And so, you don't need to do something special to prevent resources
modifications.
That said, the simplest way to crypt data on OS X is to use the
CommonCrypto API. (see /usr/include/CommonCrypto/CommonCryptor.h)
And it look like this API is also available on iPhone (see the
CryptoExercise sample code).
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden