SQLite db files insecure

IdeasVacuum
Always Here
Posts: 6426
Joined: Fri Oct 23, 2009 2:33 am
Location: Wales, UK

SQLite db files insecure

Post by IdeasVacuum »

Having happily created SQLite databases with PB for a number of projects, all secured with passwords, I just discovered that you can simply read the contents by opening the file in a text editor :shock:

Is this 'normal' for SQLite or is it the way PB creates SQLite databases? In this day and age, I would expect all databases to be secure by default....
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
juror
Enthusiast
Posts: 249
Joined: Mon Jul 09, 2007 4:47 pm
Location: Courthouse

Re: SQLite db files insecure

Post by juror »

It's normal for sqlite. There's a several thousand dollar encryption add-on but I wrote my own.
skywalk
Addict
Posts: 4316
Joined: Wed Dec 23, 2009 10:14 pm
Location: Boston, MA

Re: SQLite db files insecure

Post by skywalk »

~$2000 SQLite Encryption Extension
You should not store passwords in clear text anyway. Store them as a hash$(Sha256/512) so only the user can recover and you can send a reset prompt if email matches user.
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
IdeasVacuum

Re: SQLite db files insecure

Post by IdeasVacuum »

....it's not about passwords.
Without knowing the passwords, you can simply load the db file into UltraEdit and there before your eyes is the data.
skywalk

Re: SQLite db files insecure

Post by skywalk »

Yes, this is fast. Encrypting all data or subsets of data is up to your db design or purchase of extension.
Trond
Always Here
Posts: 7446
Joined: Mon Sep 22, 2003 6:45 pm
Location: Norway

Re: SQLite db files insecure

Post by Trond »

This is the way it is for server based databases as well. In fact the syntax for OpenDatabase() is probably using a password only because of server based databases.

Because SQLite aims to be a near drop-in replacement it conforms to these features, even if they don't make sense for SQLite. Another example: In SQLite you can put any data type into any column. Still, you give it a data type for each column, because that's how SQL syntax is.

When it comes to server based databases you will probably see the database contents when opening the file in a text editor. But it isn't a problem, because the file is on a different and password-protected computer. If you use MySQL on the same computer, you will probably have the same problem.
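
The behaviour discussed in this thread, as an added example that is not part of any post (it uses Python's standard `sqlite3` module rather than PureBasic; the table, column names and values are constructed): it checks a database file for the unencrypted SQLite header, lists which stored strings are readable in the raw bytes, and shows that a credential stored as a salted PBKDF2 hash, used here in place of the bare SHA-256 mentioned above, does not appear.

```python
# Added example (not from the thread): audit a SQLite file for readable data.
import hashlib
import os
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of an unencrypted SQLite file

def is_plaintext_sqlite(path):
    """True if the file starts with the standard, unencrypted SQLite header."""
    with open(path, "rb") as f:
        return f.read(16) == SQLITE_MAGIC

def visible_strings(path, needles):
    """Return the needles that appear verbatim in the raw file bytes."""
    with open(path, "rb") as f:
        raw = f.read()
    return [n for n in needles if n.encode("utf-8") in raw]

def hash_secret(secret, salt):
    """Salted PBKDF2-HMAC-SHA256 (swapped in here for bare SHA-256)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, 200_000).hex()

def build_demo_db(path):
    """Constructed sample data: plain text columns plus a hashed credential."""
    salt = os.urandom(16)
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE users (name TEXT, note TEXT, pw_salt BLOB, pw_hash TEXT)")
    con.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                ("alice", "card ends 4242-DEMO", salt, hash_secret("hunter2-DEMO", salt)))
    con.commit()
    con.close()

def run_demo():
    """Build a throwaway database and report what a raw read of the file exposes."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "demo.db")
        build_demo_db(path)
        return is_plaintext_sqlite(path), visible_strings(
            path, ["alice", "card ends 4242-DEMO", "hunter2-DEMO"])

if __name__ == "__main__":
    plain, found = run_demo()
    print("unencrypted SQLite header:", plain)
    print("readable in raw file:", found)
```

Hashing only suits values that never need to be read back, such as passwords; data that must be recovered needs encryption of the field or of the whole file, as the replies above say.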