SQLite password

Question

Suzie999 245 Coding Hobbyist

10 Years Ago

I'm trying to catch an SQLite problem but I'm unsure how.

The problem is opening a database which is password protected.
No error appears to be thrown when opening a database with an incorrect or no password.

I tried the following.

SQLiteConnection m_dbConnection = null;

            try
            {
                m_dbConnection = new SQLiteConnection("Data Source=MyDatabase.sqlite;Version=3;Password=password");
                m_dbConnection.Open();
            }
            catch(SQLiteException)
            {
                MessageBox.Show("error");
            }

            if (m_dbConnection == null) 
            {
                MessageBox.Show(m_dbConnection.ToString());
            }

My goal here is to be aware that an incorrect password was entered before proceeding but I'm unsure how, and wondering what the correct procedure is.

In the above code no Message box is displayed, but if I try to query the connection it fails.

I don't believe it wise to hard code a password in.

Thank you for looking.

Edited 10 Years Ago by Suzie999

3 Contributors
6 Replies
1K Views
1 Day Discussion Span
Latest Post 10 Years Ago Latest Post by Suzie999

AleMonteiro 238 Can I pick my title?

10 Years Ago

Just guessing...You're trying to catch an SQLLiteExcepion, but what if another occurs? Also, you are missing the exception name.
Try catching any exception.

 try
            {
                m_dbConnection = new SQLiteConnection("Data Source=MyDatabase.sqlite;Version=3;Password=password");
                m_dbConnection.Open();
            }
            catch(Exception ex)
            {
                MessageBox.Show(String.Format(@"Erro: {0}
StackTrace: {1}", ex.Message, ex.StackTrace));
            }

Hiroshe 499 Posting Whiz in Training

10 Years Ago

I'm not sure how the SQLite hooks work for encryption. However, it is possible that the entire file is encrypted. If that is the case, then it is impossible to distinguish it from random data (by design). It would be impossible to tell if the password is incorrect, or if the file is not an SQLite database at all.

I'm not sure about .net's implementation of SQLite, but it is possible that nothing is actually read from the database until you try to run a command.

How did you create the database originally?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Suzie999 245 Coding Hobbyist · Answer 1 · 2014-08-04T23:50:39+00:00

Thank you for your time.

Unfortunately there is no Exception thrown.

Only time I get an exception is trying to read the database.

string sql = "select * from mytable order by height desc";
SQLiteCommand command = new SQLiteCommand(sql, m_dbConnection);
SQLiteDataReader reader = command.ExecuteReader(); // Exeption here

SQLiteException: file is encrypted or is not a database.

Perhaps it is by design that there is no indication of wrong password, seems a little odd though.

Suzie999 245 Coding Hobbyist · Answer 2 · 2014-08-05T03:59:27+00:00

I'm using System.Data.SQLite this part creates the file if it does not exist

m_dbConnection = new SQLiteConnection("Data Source=MyDatabase.sqlite;Version=3;Password=password");

And tables are created in regular SQL fashion.
All works normally with correct password or if no passwor.

Maybe the only way to do a dummy query of some sort before proceeding normally.

Hiroshe 499 Posting Whiz in Training · Answer 3 · 2014-08-05T18:44:26+00:00

Can I ask why you need to use the password this way? Depending on how it's used, it might be better to include the password in a table and check against that instead (as long as the user doesn't have direct access to the database). If the user does have direct access to the database, double check to make sure that it is encrypted. You might be able to hard code the password, depending on what the situation is.

Another option would be to encrypt the SQL database using another method (I haven't looked into the provided encryption, but if it's untrustworthy it might be worth it). This get's a little bit complicated though because the database needs to be randomly accessable.

Yeah, a dummy SQL query sounds like a reasonable option.

Suzie999 245 Coding Hobbyist · Answer 4 · 2014-08-06T00:17:02+00:00

Thanks.

To answer your question, I do not need to use a password at all, It's quite rare that I create a s oftware that is useful.

I just try something as a hobby, but ask the questions when they arise.

I also appreciate your post.

Thank you kindly.