Secure Embedded Database
Posted on 2011-02-15
I'm doing some retail software that I plan to distribute, and security of the data is a big issue. Not so much that the data is sensitive, but that I need to secure it from users being able to access it outside of the application. Reason being is that it ties back into my company that I would offer an additional data access option (Web), but if they have free access to it, then the push is pointless.
I can't require an internet connection, so SQL Server and MySQL are out. I know I can embed MySQL, but I just don't want the hassle of handling that in my JAVA app.
SQLite seems to lack any real security, but I have read that you can use SQLCipher to encrypt the database and decrypt at need for the data. How effective has this been for others? Is this a reasonable option?
What about HSQLDB? That seems to have a bit more options that I'd like to take advantage of, but I can't find much information on the web regarding security of the data.
JavaDB promotes security, but I haven't had a chance to play with it yet. Do you have any experience with it? Is it capable of what I'm after? Or maybe other suggestions?
Any and all suggestions would be greatly appreciated. In case it matters, this will be a swing application.