
Add support for Connection key/rekey when SQLITE_HAS_CODEC

Open pallas opened this issue 6 years ago • 4 comments

pallas avatar May 28 '19 20:05 pallas

I am in favour of this, but adding it to the test suite is complicated. I was under the impression that pragmas could also be used for the keying. If that is the case then I'm happy to make that easier to do, and perhaps use the pragma under the hood instead of calling sqlite3_key()?

rogerbinns avatar Jun 09 '19 23:06 rogerbinns

Pragmas can be used but not as prepared statements, so one must attempt to escape the value manually. Additionally, potentially having a password hang out in the statement cache feels bad to me. I'm happy to entertain other options, I'm definitely a novice here.

~Derrick • iPhone

pallas avatar Jun 10 '19 00:06 pallas

I think you mean that pragmas can't be used with bindings? (SQLite only has "prepared" statements - there is no other kind.) Some good news is that escaping is trivial and built into APSW:

>>> print(apsw.format_sql_value(b'\x02\xde\x37\x01\xff'))
X'02DE3701FF' 

And you can disable the statement cache. This is better but still not good. Still working on it.

rogerbinns avatar Jun 10 '19 15:06 rogerbinns

SQLite has killed SQLITE_CODEC so that can't be used.

The official encryption extension doesn't mention sqlite3_key_v2 (only an implied v1). However it also mentions using pragmas for doing the keying.

While I'd like to do this, I don't have any code to test against and implementing the methods is a compile time decision.

It does highlight the need to prevent a statement from being cached - https://github.com/rogerbinns/apsw/issues/362

Your code also looks thorough and complete! I'm open to any suggestions on how to proceed.

rogerbinns avatar Aug 29 '22 21:08 rogerbinns

APSW 3.39.4.0 now has a can_cache parameter which prevents using the statement cache, so all is good. Closing this PR.

rogerbinns avatar Oct 08 '22 23:10 rogerbinns
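The escaping concern discussed in this thread, as an added example that is not part of the original thread or of APSW's code: it builds a keying pragma from a text passphrase, confirms with the standard-library `sqlite3` module that the literal parses back to the same value, and confirms that a pragma value cannot be supplied as a binding. The helper names and the sample passphrase are constructed for illustration, and `PRAGMA key` is assumed to be the keying pragma of the codec-enabled build in use.

```python
import sqlite3

# Constructed sample passphrase containing characters that break naive quoting.
SAMPLE = "pa'ss\"word; --"


def sql_text_literal(value: str) -> str:
    """Quote a str as an SQL string literal: single quotes, inner quotes doubled."""
    if "\x00" in value:
        # SQL text is NUL-terminated in the C API, so an embedded NUL would
        # silently truncate the statement and therefore the key.
        raise ValueError("NUL cannot be carried inside SQL text")
    return "'" + value.replace("'", "''") + "'"


def key_pragma(passphrase: str) -> str:
    """Build the keying statement (assumption: the build accepts PRAGMA key)."""
    return "PRAGMA key = " + sql_text_literal(passphrase)


def literal_round_trips(conn: sqlite3.Connection, value: str) -> bool:
    """Have SQLite parse the literal and check it yields exactly the input.

    Run this against test values only: the SQL text holds the value in clear.
    """
    (parsed,) = conn.execute("SELECT " + sql_text_literal(value)).fetchone()
    return parsed == value


def pragma_rejects_binding(conn: sqlite3.Connection) -> bool:
    """Pragma values are not bindable, which is why the key ends up in SQL text."""
    try:
        conn.execute("PRAGMA user_version = ?", (7,))
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    print(key_pragma(SAMPLE))
    print("round trip ok:", literal_round_trips(conn, SAMPLE))
    print("binding rejected:", pragma_rejects_binding(conn))
    # With APSW 3.39.4.0 or later, the keying statement would be executed as
    # cursor.execute(key_pragma(passphrase), can_cache=False) so the SQL text
    # holding the key is not retained in the statement cache.
```
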