Recent

Author Topic: Looking for advice on "Simple" database  (Read 3673 times)

Tony Stone

  • Full Member
  • ***
  • Posts: 216
Looking for advice on "Simple" database
« on: January 22, 2022, 07:48:19 pm »
So I am building a password manager type program.  I will need to securely store my users data.  I want to use a simple file to keep it all portable.  Anyway, I am looking at some of the components such as TSdfDataSet and TMemDataSet.  Now... I will need to be able to store simple text data and also image data in this file, like screenshots.  I am afraid of the file becoming very large but I think it will need to stay in memory because at some point I want the file to be encrypted and obviously only decrypt it while in memory?  Anyway I am just wondering what the smartest approach would be to something like storing multiple data types in a simple text type of file.  I considered SQLLite but I am trying to make sure my program has hardly no external dependencies. 

Zvoni

  • Hero Member
  • *****
  • Posts: 2300
Re: Looking for advice on "Simple" database
« Reply #1 on: January 24, 2022, 09:02:10 am »
So I am building a password manager type program.  I will need to securely store my users data.  I want to use a simple file to keep it all portable.  Anyway, I am looking at some of the components such as TSdfDataSet and TMemDataSet.  Now... I will need to be able to store simple text data and also image data in this file, like screenshots.  I am afraid of the file becoming very large but I think it will need to stay in memory because at some point I want the file to be encrypted and obviously only decrypt it while in memory?  Anyway I am just wondering what the smartest approach would be to something like storing multiple data types in a simple text type of file.  I considered SQLLite but I am trying to make sure my program has hardly no external dependencies.
What's wrong with telling your program to use a "local" sqlite-lib?
Then you just deploy the Lib in the same folder as your executable and you're done
One System to rule them all, One Code to find them,
One IDE to bring them all, and to the Framework bind them,
in the Land of Redmond, where the Windows lie
---------------------------------------------------------------------
Code is like a joke: If you have to explain it, it's bad

Thaddy

  • Hero Member
  • *****
  • Posts: 14159
  • Probably until I exterminate Putin.
Re: Looking for advice on "Simple" database
« Reply #2 on: January 24, 2022, 12:13:07 pm »
Well you can link in sqlite statically so there are no external dependencies. I can even recommend that. Instructions and binaries on the mormot website.
Specialize a type, not a var.

MarkMLl

  • Hero Member
  • *****
  • Posts: 6646
Re: Looking for advice on "Simple" database
« Reply #3 on: January 24, 2022, 12:20:17 pm »
Also please consider the extended thread at https://forum.lazarus.freepascal.org/index.php/topic,56489.0.html if any sort of secure storage is being considered.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Tony Stone

  • Full Member
  • ***
  • Posts: 216
Re: Looking for advice on "Simple" database
« Reply #4 on: January 24, 2022, 03:04:12 pm »
Also please consider the extended thread at https://forum.lazarus.freepascal.org/index.php/topic,56489.0.html if any sort of secure storage is being considered.

MarkMLl

So I do NEED my users information to be securely encrypted.  And in my bit of research I found several articles that claimed SQLite3 may have some serious security vulnerabilities which was just one more factor that moved me away from it.  And to be honest... i did some tutorials using SQLite3 and it truly seemed a bit overkill for what I am doing.  I will look through the forum post you referred me to later when I have some more time.  I will also look have to look at "linking in statically" now.  Every time I come here for help I realize how much I don't know!  :)  Thanks guys!

MarkMLl

  • Hero Member
  • *****
  • Posts: 6646
Re: Looking for advice on "Simple" database
« Reply #5 on: January 24, 2022, 04:01:51 pm »
So I do NEED my users information to be securely encrypted.

In which case the operator will need to identify himself to the program every time he uses it, i.e. authenticate himself and establish his authorisation. It is emphatically /not/ possible to hide a decryption key in a binary or in the registry etc.- which was the gist of the other thread.

Quote
And in my bit of research I found several articles that claimed SQLite3 may have some serious security vulnerabilities which was just one more factor that moved me away from it.

Which are probably less severe than those any one person in this forum- me, you, or anybody else- would inadvertently build into something written from scratch.

Quote
And to be honest... i did some tutorials using SQLite3 and it truly seemed a bit overkill for what I am doing.

I think the bottom line is that if you're writing something which allows for data to be modified as well as merely appended then it's worth using something like SQLite.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Tony Stone

  • Full Member
  • ***
  • Posts: 216
Re: Looking for advice on "Simple" database
« Reply #6 on: January 24, 2022, 11:41:31 pm »
Ok... thanks for the feedback.  And fair enough... the vulnerabilities I read about could potentially be found in anything ANYWHERE.... point taken.  Based on your expertise and knowledge I trust you when you say it is worth using something like SQLite.  I will go forward with the tuorials I found on it.  :)  I also plan on making my user authenticate, I am not giving them any options to store their user credentials(not easily anyway).  I will let them have the option to automatically authenticate... give them a security warning and let them make their choice!   :D  It is a free world after all!(kind of)

So I do NEED my users information to be securely encrypted.

In which case the operator will need to identify himself to the program every time he uses it, i.e. authenticate himself and establish his authorisation. It is emphatically /not/ possible to hide a decryption key in a binary or in the registry etc.- which was the gist of the other thread.

Quote
And in my bit of research I found several articles that claimed SQLite3 may have some serious security vulnerabilities which was just one more factor that moved me away from it.

Which are probably less severe than those any one person in this forum- me, you, or anybody else- would inadvertently build into something written from scratch.

Quote
And to be honest... i did some tutorials using SQLite3 and it truly seemed a bit overkill for what I am doing.

I think the bottom line is that if you're writing something which allows for data to be modified as well as merely appended then it's worth using something like SQLite.

MarkMLl

 

TinyPortal © 2005-2018