SQLite 3 encryption

I've been looking at using SQLite instead of MySQL to aid deployment of my applications, however Im concerned about security and reading up on SQLite and PHP you cant encrypt the database, you seem to be able to in everything else but PHP. This cant be true surely??

I have read you can buy encrpytion plugins but costs serious ££££.

Anyone have any suggestion for running a file type database (As opposed to a service like MySQL) that works with PHP?

Thank you
tonelm54Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

GaryCommented:
0
Ray PaseurCommented:
Given that it's a deployed application, what is the objective you're seeking by encrypting the database?
0
tonelm54Author Commented:
Good morning,
Sorry for the delay in reply, been working on a VPN project instead of this :-S

The idea is to just to keep the package simple to deploy and restore from backups. My manager wants to restore a project Im working on with one click (not have to restore the files and then the database), however as its going onto a shared server which Im not in charge of security I wanted to be able to protect the SQLite database as much as I can (I know someone with access will either be able to crack it or use the code to crack).

My current suggestion is to backup the database to a folder on a daily basis, then on application statup check the database, if its empty suggest restoring from one of the backups, then hopefully it will be a one click restore then I can control a wizard to restore the database, as then I can encripty the database backup.

Im surprised that there is no encyption built into PHP.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Ray PaseurCommented:
there is no encyption built into PHP
That's not entirely true.  PHP has six cryptography extensions.
http://www.php.net/manual/en/refs.crypto.php

Here is a simple example using mcrypt.
<?php // demo/encrypt_decrypt.php
error_reporting(E_ALL);

// MAN PAGE: http://php.net/manual/en/ref.mcrypt.php

class Encryption
{
    protected $key;

    public function __construct($key='quay')
    {
        // THE KEY MUST BE KNOWN TO BOTH PARTS OF THE ALGORITHM
        $this->key = $key;
    }

    public function encrypt($text)
    {
        // ENCRYPT THE DATA
        $data = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB);

        // MAKE IT base64() STRING SAFE FOR STORAGE AND TRANSMISSION
        return base64_encode($data);
    }

    public function decrypt($text)
    {
        // DECODE THE DATA INTO THE BINARY ENCRYPTED STRING
        $text = base64_decode($text);

        // DECRYPT THE STRING
        $data = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB);

        // DECLOP NUL-BYTES BEFORE THE RETURN
        return trim($data);
    }
}

// INSTANTIATE AN ENCRYPTION OBJECT FROM THE CLASS
$c = new Encryption();

// INITIALIZE VARS FOR LATER USE IN THE HTML FORM
$encoded = $decoded = NULL;

// IF ANYTHING WAS POSTED SHOW THE DATA
if (!empty($_POST["clearstring"]))
{
    $encoded = $c->encrypt($_POST["clearstring"]);
    echo "<br/>{$_POST["clearstring"]} YIELDS ENCODED ";
    var_dump($encoded);
}

if (!empty($_POST["cryptstring"]))
{
    $decoded = $c->decrypt($_POST["cryptstring"]);
    echo "<br/>{$_POST["cryptstring"]} YIELDS DECODED ";
    var_dump($decoded);
}

// CREATE THE FORM USING HEREDOC NOTATION
$form = <<<FORM
<form method="post">
<input name="clearstring" value="$decoded" />
<input type="submit" value="ENCRYPT" />
<br/>
<input name="cryptstring" value="$encoded" />
<input type="submit" value="DECRYPT" />
</form>
FORM;

echo $form;

Open in new window

0
tonelm54Author Commented:
Sorry, what I meant was 'no encryption for SQLite'  built into PHP (or as far as Im aware)
0
Ray PaseurCommented:
Agreed.  It's not in the PHP native SQLite extension.  But you might find some useful information over here:
http://www.sqlite.org/search?q=encryption
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.