Roundup Tracker - Issues

Issue 2551314

classification
Support encrypted databases (sqlite and possibly others)
Type: rfe Severity: normal
Components: Database Versions:
process
Status: new
: : rouilj
Priority: :

Created on 2024-02-11 22:57 by rouilj, last changed 2024-02-11 22:57 by rouilj.

Messages
msg7938 Author: [hidden] (rouilj) Date: 2024-02-11 22:57
In a discussion last week, I was asked if the Roundup db could provide encryption at rest.
The attack mode was a user who could copy the db files. They already use full disk
encryption but it is not a solution to this threat profile. I stated that was not a
use case for Roundup. They ran both PostgreSQL and MariaDB.

However, it looks like sqlite could support it.

https://www.zetetic.net/sqlcipher does AES256 encryption (similar to SEE) and does have
an open source implementation. It also has a DBI 2 python library 
https://pypi.org/project/pysqlcipher3/.

Native SQLite has the SEE sqlite encryption extension, which is supported by the maker
of SQLite, but is a paid add-on. AFAICT there is no python module for it.

MySQL/MariaDB has transparent data encryption, but I have no idea how to manage that
from Python. PostgreSQL does have some patches and commercial solutions for disk DB
encryption, but again no obvious python support. There is a public function to encrypt
columns, but again python support is a question. There is a django-pycrypto
module that looks like it is django's solution to this. Obviously, for this to
be useful, SSL/TLS connections to the db server would also be needed.
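
An added example, not part of the message above and not Roundup code: a plaintext SQLite file starts with a fixed 16-byte header and opens without any key, which is the copy-the-db-files exposure the message describes. The table name, file names and helper names are assumptions for illustration, and random bytes stand in for an encrypted file.

```python
import os
import shutil
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of a plaintext SQLite file


def classify_db_file(path):
    """Return 'plaintext-sqlite', 'empty' or 'opaque' for the file at path."""
    with open(path, "rb") as fh:
        head = fh.read(len(SQLITE_MAGIC))
    if not head:
        return "empty"
    return "plaintext-sqlite" if head == SQLITE_MAGIC else "opaque"


def build_sample_db(path):
    """Constructed sample data: a one-table stand-in for a tracker database."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE issue (id INTEGER PRIMARY KEY, title TEXT)")
    con.execute("INSERT INTO issue (title) VALUES ('constructed sample issue')")
    con.commit()
    con.close()


def read_copied_db(src, workdir):
    """Copy src as a user with file access could, then read the copy with no key."""
    copy_path = os.path.join(workdir, "copy.db")
    shutil.copyfile(src, copy_path)
    con = sqlite3.connect(copy_path)
    try:
        return con.execute("SELECT title FROM issue ORDER BY id").fetchall()
    finally:
        con.close()


def demo():
    with tempfile.TemporaryDirectory() as workdir:
        plain = os.path.join(workdir, "plain.db")
        build_sample_db(plain)
        opaque = os.path.join(workdir, "opaque.db")
        with open(opaque, "wb") as fh:
            fh.write(os.urandom(4096))  # assumption: stand-in for an encrypted file
        return classify_db_file(plain), read_copied_db(plain, workdir), classify_db_file(opaque)


if __name__ == "__main__":
    print(demo())
```

The header check is a heuristic: it shows that a file is readable as plain SQLite, not that an opaque file is soundly encrypted.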
History
Date User Action Args
2024-02-11 22:57:50 rouilj create