05-01-2013 08:01 PM
I had like to know the encryption details for a database created via a webworks app. So far all I have been able to learn from separate comments in the forum is that SQLite DB in Web Works app is encrypted by default. I have tried to open the database and I do see it is encrypted.
Some of the links that point this out:
What I had like to know is the details. Is there a well documented feature spec or link that we can direct our customers to?
Solved! Go to Solution.
05-03-2013 04:30 PM
Is this an appropriate link for your customers?
05-03-2013 05:07 PM
Thanks for the reply Tim.
So the secuity details mentioned in the link you provided, are they applicable for the SQLite db created from WebWorks app too? I was looking at this link but it has no mention about the db encryption.
05-03-2013 05:30 PM
No actually. I missed that in your original post - I was just thinking about SQLite. You would need to create an extension that stored the data using the SQLite api and encryption methods. The standard HTML5 API for Database did not include encryption.
05-03-2013 06:44 PM
05-03-2013 07:33 PM
This is a bit confusing. The links I had mentioned above, all talk about Webworks app and it has been mentioned in them the db is encrypted. I am not using any extension for db handling and when I tried to open it, I did see it to be encrypted. Am I missing something here?
I have seen that post about the crypto extension but unfortunately it's only for BB10. We are developing for BB OS 6/7/7.1 as well and need to cover their encryption as well.
05-03-2013 07:47 PM
05-03-2013 08:10 PM
Strange, I was certain that I was told the database was not encrypted, but there seems to be lots of people who would know saying it is. I will have to check my sources.
And I don't see it documented anywhere, which is pretty silly. I will see what I can do about that when I know what the real answer is.
05-06-2013 03:53 PM
Okay, I've checked with some folks and I've got more information now about what the situation is.
[JAVA] SQLite databases in a Java app are not encrypted by default, but can be encrypted.
[WebWorks] SQLite databases in a WebWorks app are encrypted by default and there are no APIs to change it or do anything with the encryption.
[WebWorks] Databases are not encrypted by default - as they exist within the application's secure sandbox.
The encryption in the case of BBOS WebWorks is done by WebWorks - which is calling the BlackBerry Java SQLite API to do so. So those docs I sent about SQLite encryption in Java apply to WebWorks.
05-06-2013 04:25 PM
SQLite - well it says it on the tin (it's lite)
Both Oliver and Tim provide good advice
As Tim notes the filesystem on BB is available but unencrypted. The thing not mentioned is that its almost impossible to access that data unless you deliberately expose it in some way
As Oliver notes you can do on-device encrpytion, this also is good
There comes a choice at some point as to your DB of choice
If your requirements are simple - encypt a text file (extremely easy)
As you mention SQLite (it's a key-pair solution) it seems unlikely that you need a full 3NF - it sounds like we're talking names and addresses rather than associative requirements (look up Third Normal Form in Wiki)