SQLite db files insecure

Posted: Mon Jul 27, 2015 2:25 am
by IdeasVacuum
Having happily created SQLite databases with PB for a number of projects, all secured with passwords, I just discovered that you can simply read the contents by opening the file in a text editor :shock:

Is this 'normal' for SQLite or is it the way PB creates SQLite databases? In this day and age, I would expect all databases to be secure by default....

Re: SQLite db files insecure

Posted: Mon Jul 27, 2015 2:44 am
by juror
It's normal for sqlite. There's a several thousand dollar encryption add-on but I wrote my own.

Re: SQLite db files insecure

Posted: Mon Jul 27, 2015 3:37 pm
by skywalk
~$2000 SQLite Encryption Extension
You should not store passwords in clear text anyway. Store them as a hash$(Sha256/512) so only the user can recover and you can send a reset prompt if email matches user.

Re: SQLite db files insecure

Posted: Mon Jul 27, 2015 4:08 pm
by IdeasVacuum
....it's not about passwords.
Without knowing the passwords, you can simply load the db file into UltraEdit and there before your eyes is the data.

Re: SQLite db files insecure

Posted: Mon Jul 27, 2015 4:30 pm
by skywalk
Yes, this is fast. Encrypting all data or subsets of data is up to your db design or purchase of extension.

Re: SQLite db files insecure

Posted: Tue Jul 28, 2015 11:47 am
by Trond
This is the way it is for server based databases as well. In fact the syntax for OpenDatabase() is probably using a password only because of server based databases.

Because SQLite aims to be a near drop-in replacement it conforms to these features, even if they don't make sense for SQLite. Another example: In SQLite you can put any data type into any column. Still, you give it a data type for each column, because that's how SQL syntax is.

When it comes to server based databases you will probably see the database contents when opening the file in a text editor. But it isn't a problem, because the file is on a different and password-protected computer. If you use MySQL on the same computer, you will probably have the same problem.
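
An added example, not part of any post in this thread: a Python check using the standard-library `sqlite3` module that builds a throwaway database and inspects its raw bytes, confirming what the thread describes (header, schema and row values of a stock SQLite file are readable without any password). The function names and the sample customer values are constructed for illustration.

```python
import os
import re
import sqlite3
import tempfile

# First 16 bytes of every unencrypted SQLite 3 database file.
SQLITE_MAGIC = b"SQLite format 3\x00"

def build_sample_db(path, name, card):
    """Create a small database holding constructed sample data."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, card TEXT)")
    con.execute("INSERT INTO customers (name, card) VALUES (?, ?)", (name, card))
    con.commit()
    con.close()

def readable_strings(raw, min_len=6):
    """Runs of printable ASCII, i.e. what a text editor or `strings` would show."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, raw)]

def audit_db_file(path, canaries):
    """Report whether the file is a plain SQLite db and which canary values leak."""
    with open(path, "rb") as f:
        raw = f.read()
    strings = readable_strings(raw)
    return {
        "plain_header": raw[:16] == SQLITE_MAGIC,
        # Table and column names sit in the file as the original CREATE statement.
        "schema_visible": any("CREATE TABLE" in s.upper() for s in strings),
        "leaked": [c for c in canaries if any(c in s for s in strings)],
    }

def demo():
    """Build a throwaway database and audit its raw bytes."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        build_sample_db(path, "Alice Example", "4111-1111-1111-1111")
        return audit_db_file(path, ["Alice Example", "4111-1111-1111-1111", "not-in-db"])
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```

Running the same `audit_db_file` against a real application database with a few known field values as canaries shows which columns need application-level encryption or an encrypting SQLite build before the file leaves a trusted machine.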