Use SQLCipher to encrypt SQLite databases: datastores & indexes (second try) #112
Main things:
Changed:
Not changed:
Also:
Pending:
37b0cf7 to 069245d

#import "CDTDatastore.h"

@protocol CDTEncryptionKeyProviding;
I think this should be CDTEncryptionKeyProvider
Fixed in 66c19fb
Several of the error and other log messages in … Also remember log messages are read by a developer, so messages like …

result = (queue != nil);
}

// Cipher database
Comment seems inaccurate -- this checks we can use the key provided with the database file?
Fixed in bc0c17e
I think you could split up 9127d10, it's over 3000 lines in a single commit. Could you have something like:
}

return success;
}
This has far fewer checks than the version inside TD_Database. E.g.:
- No check for whether the database is encrypted if there is no key provided.
- You don't do the query to sqlite_master to make sure the key actually works.
It might be worth pulling out a utility class which does all these checks so both TD_Database and CDTIndexManager (and the Query index manager) can use it.
But an index manager is created with a datastore. If the datastore is correctly initialised, this code will not fail. It will fail if the datastore is encrypted but the index is not, which means that the user copied into the folder an index created with a different datastore. Do we need to add defensive code for a situation like this?
I don't think you should assume that the data on disk is consistent with each other. As you say, it's easy enough for an index database to be copied in whose encryption or lack thereof doesn't match the one on the main database.
In addition, in making the assumption that the TD_Database object does all the checks you need, you're increasing coupling between the two objects and the knowledge that someone maintaining the code needs to have of the wider system.
Fixed in dc84c4b
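As an added example (not CDTDatastore's own code), a small utility in the spirit of the shared checker suggested above: it opens the file with FMDB, applies the key when one is given, and verifies the outcome by reading sqlite_master before handing the handle back, so a wrong key, a missing key on an encrypted file, or a key applied to a plaintext file all fail at open time instead of at some later query. The class name CDTEncryptedDatabaseOpener, its method, and the requirement that FMDB be built against SQLCipher (SQLITE_HAS_CODEC) are assumptions.

```objc
// Hypothetical helper; not part of CDTDatastore. Requires FMDB compiled with
// SQLCipher (SQLITE_HAS_CODEC), otherwise -setKey: is a no-op.
#import <Foundation/Foundation.h>
#import "FMDatabase.h"

@interface CDTEncryptedDatabaseOpener : NSObject
// Returns an open, verified handle, or nil with *error set.
+ (FMDatabase *)openDatabaseAtPath:(NSString *)path
                               key:(NSString *)key
                             error:(NSError **)error;
@end

@implementation CDTEncryptedDatabaseOpener

+ (FMDatabase *)openDatabaseAtPath:(NSString *)path
                               key:(NSString *)key
                             error:(NSError **)error
{
    FMDatabase *db = [FMDatabase databaseWithPath:path];
    if (![db open]) {
        if (error) *error = [db lastError];
        return nil;
    }

    // SQLCipher must receive the key before the first read. An empty key would
    // silently leave the file in plaintext, so treat it the same as "no key".
    if (key.length > 0 && ![db setKey:key]) {
        if (error) *error = [db lastError];
        [db close];
        return nil;
    }

    // Reading sqlite_master forces page 1 to be decrypted and parsed. With a
    // wrong key, no key on an encrypted file, or a key on a plaintext file,
    // SQLite returns SQLITE_NOTADB ("file is encrypted or is not a database")
    // here, which is the check the reviewer asked for.
    FMResultSet *rs = [db executeQuery:@"SELECT count(*) FROM sqlite_master"];
    if (rs == nil || ![rs next]) {
        if (error) *error = [db lastError];
        [rs close];
        [db close];
        return nil;
    }
    [rs close];
    return db;
}

@end
```

Because every caller (TD_Database, CDTIndexManager, the Query index manager) goes through the same method, an index file whose encryption state does not match its datastore is rejected consistently rather than relying on the datastore having been opened first.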
@return a datastore for the given name

@warning *Warning:* Encryption is an experimental feature, use with caution. It won't work unless
you use subspec 'CDTDatastore/SQLCipher'
Is encryption experimental? I was hoping not, though the warning to use CDTDatastore/SQLCipher is useful.
No, it is not experimental, but at the time I wrote this comment I considered this development part of a bigger one, so it was experimental in the sense that there were still more changes to deploy.
Fixed in ad3debd
A +1 from me, awaiting @emlaver
+1
eb282de to 347585c
Details:
- Conform to protocol CDTEncryptionKeyProvider to inform a key to cipher databases
- If a CDTDatastore is created with a key, the CDTIndexManager based on that CDTDatastore uses the same key to encrypt its database.
- New subspec in CDTDatastore.podspec. Use 'CDTDatastore/SQLCipher' to get a version of the library capable of encrypting the databases.
- Added new tests specific for the new functionality. Updated .travis.yml to run the tests in Travis CI
CDTDatastoreManager opens a database in order to delete it. If the database is not open yet, do not allocate memory and delete it from disk
Read-only property 'database' in CDTDatastore already ensures that the database is open, i.e. do not open the database again in methods in CDTDatastore+Conflicts
CDTDatastoreManager deletes databases from disk, however TD_DatabaseManager does not release them. More exactly, CDTDatastoreManager creates databases through TD_DatabaseManager but it deletes them on its own, so TD_DatabaseManager never releases them
347585c to 62650b2
Not merged to master, new branch feature-encryption created to hold whole feature while allowing smaller PRs as development occurs
What:
Provide a mechanism to cipher the SQLite databases in CDTDatastore with SQLCipher.
Why:
Some users cannot rely on the encryption provided by default in iOS. We have to give an alternative solution for those that are in this situation.
How:
CDTDatastore accesses SQLite databases through FMDB. This library is already able to use SQLCipher; we only have to provide a key to encrypt the database and compile the library with the correct subspec. However, users should not have to care about 3rd party libraries, so:
Tests:
CDTDatastore manages two different databases:
Each one is tested independently. Also the result of these tests depends on the library included, i.e. if SQLCipher is included or not.
reviewer @mikerhodes
reviewer @emlaver