Is it possible to protect sqlite database inside mobile app created using PhoneGap + HTML5 ? I have some big chunk of data, that I would like to protect. But from nature of used technologies it seems to me its almost impossible. If it’s not possible to protect the data, is it at least possible to use some obfuscation to discourage “script-kiddies” to not try get to the data easily ?
Is it possible to protect sqlite database inside mobile app created using PhoneGap +
Share
A user of your software has more of a right to control the sqlite database than you do. Your software is just a visitor on his machine. Any form of encryption would be security though obscurity because you cannot have a secret (or secret key) on the device.
If you want to protect a database, then you have to host it. I recommend setting up a RESTful interface so that the js on the mobile device can perform actions on the data. You should assume that the attacker has 100% access to this RESTful interface. You should never expose a function like
do_query("select ...");. Make sure you take sql injection into consideration.