-1

I am trying to make a simple number game and want to store the values in the sqlite3 database and I don't want to make other users see the database or edit it, I have tried using authoriser it works but only within the code, when i try to edit / delete in code it throws an exception but when i try to change the values in sqlite3 studio it changed and got updated THE AUTHORISER CODE I WROTE IS

def authoriser(action, args1, b, db_name, source):
   if action == sqlite3.SQLITE_SELECT and args1 == "run":
       return sqlite3.SQLITE_OK
   elif action == sqlite3.SQLITE_DELETE and args1 == "run":
       return sqlite3.SQLITE_DENY
   elif action == sqlite3.SQLITE_READ and args1 == "run" and b == 'hash2':
       return sqlite3.SQLITE_OK
   return sqlite3.SQLITE_OK

the db in sqlite3 studio before deleting


The db after deleting it

it compiles and execute perfectly but the problem is i can edit it in sqlite3 studio or any GUI

DaVinci
  • 868
  • 1
  • 7
  • 25
  • I’m guessing that your code is only indented like that due to the formatting tools? Please include everything needed for a [mcve]. – AMC Nov 17 '19 at 05:44

1 Answers1

1

No, sqlite3 does not have any type of access rights and therefore no way to keep certain rows from being updated and/or deleted, especially by another application. Sqlite is an embedded database library, so if another application has access to the file, then it can open it and gain unfettered access to the data.

There is an encryption modules that can be added to sqlite, but the official encryption module requires a license for a price. Perhaps there are other encryption solutions that could be used, but that would have to be researched separately.

C Perkins
  • 3,733
  • 4
  • 23
  • 37
  • 1
    OP is using https://www.sqlite.org/c3ref/set_authorizer.html (well, the python wrapper for it) – Shawn Nov 17 '19 at 07:02
  • 1
    Which of course is a per-connection setting so the rest of that still holds. – Shawn Nov 17 '19 at 07:08
  • @Shawn Thanks, but not sure what you mean by "rest of that..". I'm glad that you concur with most of the answer, but the authorizer really is not meant to implement access rights as much as it is to filter and control execution of direct SQL from outside sources. If access rights are implemented, then those rights could be applied to such SQL execution, but they are separate ideas. From OP's own description, I gather that the authorizer's purpose is misunderstood and the OP's implementation is likely superfluous since the OP has control of their own code (no external SQL is being passed). – C Perkins Nov 17 '19 at 07:47
  • can we add a password to sqlite3 using python – DaVinci Nov 18 '19 at 11:07
  • @Tonystark You can do anything that you want within Python. You can require a password, you can add access rights, etc., etc. BUT, the standard, open, unencrypted sqlite database file format will not change. Just as I already answered, the standard sqlite format will be accessible to any other application that implements sqlite library... unless the database file is **encrypted**. But that is a **separate question** that you should first research online for Python. To start, see https://stackoverflow.com/questions/5669905/sqlite-with-encryption-password-protection. – C Perkins Nov 18 '19 at 15:21
  • @CPerkins I have already did but when i try to do that , the python throws an error like syntax error and sqlite connection doesn't have any methods like SetPassword ?? – DaVinci Nov 19 '19 at 04:13