SQL con.ChangePassword

Discussion in 'Questions (Windows Mobile)' started by RB Smissaert, Jun 12, 2009.

  1. RB Smissaert

    RB Smissaert Well-Known Member Licensed User

    Noticed that with an encrypted SQLite database file you can change to a new password without specifying the old password. I know that to do this you have to be connected first (with the old password), but I wonder if it wouldn't be safer to only allow you to change the password by specifying both the old and the new password.

    RBS
     
  2. Erel

    Erel Administrator Staff Member Licensed User

    I see your point. However as you wrote, without the password you will not be able to open the database and therefore not be able to change or remove the password.
     
  3. RB Smissaert

    RB Smissaert Well-Known Member Licensed User

    This password thing is always a bit difficult to comprehend and I can't really argue precisely, but I have a feeling that somehow it will be safer when you have to pass both the old and the new.
    Maybe Graham could comment as I think he is into this.

    RBS
     
  4. RB Smissaert

    RB Smissaert Well-Known Member Licensed User

    I meant Agraham.

    RBS
     
  5. agraham

    agraham Expert Licensed User

    I could write you a chapter of a book on this. Briefly, for a multi-user database accessed by people with different levels of permission to view and change things, for example Oracle, then yes, it is not secure to assume that having the database open is sufficient permission to change anything. However SQLite is not that sort of database. Once an encrypted database is open then the user can do anything to the data and its structure so it seems reasonable to allow him/her to change the password as well. If you want proper security then SQLite is not suitable for this purpose.

    If you haven't read it then Appropriate Uses For SQLite details the sort of uses that SQLite was designed for. I particularly like this sentence that sums it up in a nutshell
     
  6. RB Smissaert

    RB Smissaert Well-Known Member Licensed User

    Thanks for your thoughts on this and I can see they make sense.

    RBS
     
  7. Erel

    Erel Administrator Staff Member Licensed User

    Thanks agraham. Interesting post.
     