Accessing a password-protected SQLite database on Android?

Posted 2024-10-30 06:55:58 · 110 words · 0 views · 0 comments

I haven't been able to find a way to open a password-protected SQLite database on Android. Since the device can easily be rooted, I am thinking of password protecting the database file. However, I am not having much luck finding anything built into the Android platform.

Comments (2)

初吻给了烟 2024-11-06 06:55:58

I don't think that Android framework supports password protection on databases. Your best bet is to encrypt your data. See SO question: Android Sqlite Password Encryption

ヤ经典坏疍 2024-11-06 06:55:58

You can encrypt SQLiteDatabases. Android does not support full-database encryption so you'd have to implement that yourself if you want to.

If you want to go down the encryption route, you're much better off just encrypting the sensitive information yourself and storing it in a database field, as per Morrison's answer.

All that said -- where are you putting the password for the encryption function? You'll probably need it somewhere in your application! In which case someone can just disassemble your code and then find the password, and decrypt the info (although it will be a bit more work).

Unless you're hashing info (one-way) then without hardware encryption on a device (and even that has flaws) you cannot store anything on the device perfectly securely -- you're always going to need to decrypt the info some time and for that the password has to be on the device somewhere.

If you want really robust security then store sensitive information on a server (preferably in a really secure location), not the device, and only communicate between the device and server over encrypted channels (HTTPS). You'll also need to authenticate the device in a secure manner. But to do that you need to store some sensitive information ON the device in order to authenticate the device with the server, unless you force the user to enter a password every time (recommended if security is a must).
If the information is stored on a server you can't necessarily prevent someone who shouldn't from gaining access (by finding the password you have stored or phishing the user if it's stored in their head), but you can revoke access to the information.
