
I recently created a password manager in Java for my college project in OOP. To handle the database I picked SQLite, since using MySQL or SQL Server was getting hectic for a small project. Though I am already done with the submission, I was thinking about whether I could make any further improvements to the project.

The biggest drawback I have observed so far is that if anyone manages to find the location of the database on the system (which is way too easy), it would be very simple to open the database.

Now two problems arise here:

  1. The user's password list will be visible.
  2. Anyone would be able to modify the data using an SQLite manager.

In order to solve the first problem, I already used AES encryption and it is working just fine. However, the second problem still remains.

So, in a nutshell: how can I prevent my SQLite DB from being modified by anything except the Password Manager itself?

Note that my application is just an offline Password Manager used on a household PC, so you can consider the level of threat accordingly. Moreover, the Password Manager itself has to modify the database content, so any permissions assigned should not prevent the application from doing so.

Note: I was wondering whether we could use the limitation of SQLite that only one connection can write data at a time. Using this, the intruder would not be able to modify it. But I am not sure how it could be implemented.

Saharsh
  • Just `chmod` the database as readable only to you. The other users have their own accounts, right? (Also, you should be hashing passwords with a password hashing function.) – Colonel Thirty Two Nov 28 '16 at 13:57
  • If someone gets hold of the physical database files, nothing prevents them from looking into the data or changing it (this is also true for any server-based DBMS; however, it's usually harder to access the files on the database server). Not even a single-connection "limit" would prevent that: shutting down your application would render that useless. –  Nov 28 '16 at 13:57
  • _"I was wondering if we can use the limitation of SQLite that only one connection can be established at a time."_ This is incorrect. Only one connection can have the database locked for writing at a time, but multiple connections can exist. – Colonel Thirty Two Nov 28 '16 at 13:57
  • @ColonelThirtyTwo Thanks for the correction. – Saharsh Nov 28 '16 at 14:00
  • @ColonelThirtyTwo As I said, you'll have to consider that the intruder has admin rights too. I don't think it will still prevent the modification. Moreover, the Password Manager itself would have to rewrite the data, as the user would log in and modify it through the application legitimately. – Saharsh Nov 28 '16 at 14:03
  • You can't practically defend against an intruder with admin rights. They can set a breakpoint and dump the RAM of your program to get pretty much any information they want out of it. – Colonel Thirty Two Nov 28 '16 at 14:05
  • @ColonelThirtyTwo Considering the complexity, I have made a few changes to the scenario. – Saharsh Nov 28 '16 at 14:14
  • @Gamma: I tried to answer your question. Does it help? Or are you trying to solve a different problem? – Christian Strempfer Dec 05 '16 at 12:33
  • @ChristianStrempfer Thanks for the answer. Despite providing a near solution to the problem, you have made several assumptions (like using the cloud). As I said, it was a small offline application, and I expected answers to lie within that area. Although I liked your alternative idea and can give you +1 for it, accepting this answer might not be the best. As for the bounty, if no other suitable answers are submitted I will award that too. Thanks. – Saharsh Dec 06 '16 at 13:59
  • @Gamma: I tried to say that there is no other alternative, because file access permissions are part of the operating system, not of your app. I added a part about encrypting the whole database, but I don't think it makes much difference, as you're already encrypting the passwords. – Christian Strempfer Dec 06 '16 at 14:35

1 Answer


Restrict user access

Only the operating system can secure files against access by unauthorized persons. Put the database into a folder that is only accessible by the current user, and have a separate database for each user.

Encryption

You're already encrypting the passwords, that's good. If you want to encrypt the whole database, you could have a look at the SQLite Encryption Extension.

The SQLite Encryption Extension (SEE) is an add-on to the public domain version of SQLite that allows an application to read and write encrypted database files.

Also have a look at the question SQLite with encryption/password protection.

Attack

What would actually happen if someone has access to the database file?

If the database is secured properly, the attacker is not able to get the plain passwords (at least not in reasonable time). In the worst case, a password is replaced by another one, but that would achieve nothing besides you using the wrong password and maybe resetting it. Therefore the worst case is that you lose your saved passwords.

You can do nothing to prevent data loss on a single machine. For example, hard disks sometimes just stop working, someone could steal the whole PC, format the hard disk, etc.

Backups

If you really want to make sure that the data is not modified, you need to keep backups on different machines to minimize the possibility that someone has access to all of them. For example, you could upload the database file to a cloud service. Then you sign the file, so that you can see if a file was compromised and, if so, fall back to another version.

Conclusion

Your password manager is good enough for an offline tool. If you want to improve the data integrity you have to transfer the data to other machines.

Christian Strempfer
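The two points the answer makes that the application itself can act on (owner-only file permissions, and signing the file so that an unexpected rewrite is noticed) in runnable form, as an added example that is not code from the question, the answer or the poster's Java project. It is written in Python for a self-contained demonstration; the same primitives exist in Java (`java.nio.file.Files.setPosixFilePermissions`, `javax.crypto.Mac` with `HmacSHA256`, `SecretKeyFactory` with `PBKDF2WithHmacSHA256`). The design choices are my assumptions: the integrity tag is an HMAC-SHA256 over the whole database file keyed with a PBKDF2 derivation of the master password, stored in a `vault.db.tag` file beside `vault.db`; the key is never written to disk, so whoever edits the database with an SQLite manager cannot produce a matching tag without the master password. The table layout and sample row are constructed for the demo.

```python
"""Added example (not from the original post): owner-only permissions plus
an HMAC integrity tag for an SQLite password database. Names, file layout
and the sample row are assumptions for illustration."""
import hashlib
import hmac
import os
import shutil
import sqlite3
import stat
import tempfile

PBKDF2_ROUNDS = 200_000   # assumed; tune to the target machine
TAG_SUFFIX = ".tag"       # assumed layout: vault.db.tag next to vault.db


def derive_mac_key(master_password: str, salt: bytes) -> bytes:
    """Integrity key from the master password; the salt may be stored in the clear."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, PBKDF2_ROUNDS, dklen=32)


def restrict_to_owner(db_dir: str, db_path: str) -> None:
    """Directory 0700, file 0600: other local accounts cannot list or open it.

    This is the OS-level control the answer (and the chmod comment) point at.
    It does nothing against root/Administrator or the owner's own account,
    and on Windows os.chmod only toggles the read-only flag (use NTFS ACLs).
    """
    os.chmod(db_dir, stat.S_IRWXU)
    os.chmod(db_path, stat.S_IRUSR | stat.S_IWUSR)


def file_tag(db_path: str, key: bytes) -> bytes:
    """HMAC over the whole file: any change, even to an unencrypted column or
    to SQLite's own header counters, alters it."""
    with open(db_path, "rb") as f:
        return hmac.new(key, f.read(), hashlib.sha256).digest()


def seal(db_path: str, key: bytes) -> None:
    """Recompute the tag after every legitimate write by the manager.
    Call with the SQLite connection closed so the file on disk is complete."""
    with open(db_path + TAG_SUFFIX, "wb") as f:
        f.write(file_tag(db_path, key))


def verify(db_path: str, key: bytes) -> bool:
    """True only if the stored tag matches; a missing tag counts as tampering."""
    try:
        with open(db_path + TAG_SUFFIX, "rb") as f:
            stored = f.read()
    except FileNotFoundError:
        return False
    return hmac.compare_digest(stored, file_tag(db_path, key))


def demo(master_password: str = "correct horse battery staple") -> dict:
    """Run the whole flow in a temp directory and report what each step saw."""
    workdir = tempfile.mkdtemp()
    try:
        db_dir = os.path.join(workdir, "pwmgr")
        os.mkdir(db_dir)
        db_path = os.path.join(db_dir, "vault.db")
        salt = os.urandom(16)          # a real app stores this next to the db
        key = derive_mac_key(master_password, salt)

        # The manager's own write. Constructed sample row; `secret` would hold
        # the AES ciphertext the poster already produces.
        con = sqlite3.connect(db_path)
        con.execute("CREATE TABLE vault(site TEXT, username TEXT, secret BLOB)")
        con.execute("INSERT INTO vault VALUES (?, ?, ?)",
                    ("example.com", "alice", b"\x00\x01ciphertext"))
        con.commit()
        con.close()
        restrict_to_owner(db_dir, db_path)
        seal(db_path, key)
        intact_before = verify(db_path, key)

        # An "SQLite manager" run under the same account edits a row directly.
        # Permissions cannot stop this; the tag makes it visible.
        con = sqlite3.connect(db_path)
        con.execute("UPDATE vault SET username = 'mallory' WHERE site = 'example.com'")
        con.commit()
        con.close()
        intact_after = verify(db_path, key)

        # The intruder re-seals with a guessed master password: still rejected.
        seal(db_path, derive_mac_key("wrong password", salt))
        accepted_forged = verify(db_path, key)

        return {
            "intact_before": intact_before,
            "intact_after": intact_after,
            "accepted_forged": accepted_forged,
            "posix": os.name == "posix",
            "file_mode": stat.S_IMODE(os.stat(db_path).st_mode),
        }
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

This is detection, not prevention, which is the answer's point: an intruder who runs under the same account, or as administrator, can edit the database and delete the tag file too, and the only recourse is then the off-machine copy the answer recommends. The manager must re-seal after each of its own writes with the connection closed (in WAL mode, after a checkpoint), otherwise its next start will flag its own change as tampering.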