nhachicha/SnappyDB

Database Encryption

V1rus999 opened this issue · 2 comments

V1rus999 commented

Hi.

First of all thanks for the great database. Currently using it in a business app we are creating.

We have ran into a slight issue or rather a lack of functionality that we really do require and that is database encryption. With SQLLite you get libs like SQLCipher that assists you in decryption, but I have seen no such thing from SnappyDB.

I have looked into using Facebook's Conceal for encrypting Snappy using the following methods:

  1. I know its a long shot, but I tried to find the DB file and encrypting the entire file using Conceal. I doesn't really work. Any other advice related to this?.
  2. I tried to create a custom Custom Kryo Serializer, and then encrypting the outputstream etc, but with the amount of classes we have and writing each field manually, this will really defeat the purpose for us. It will be too hard and take too long to implement.
  3. Encrypting and decrypting with each read/write, but as you can think, this is really slow.

My question is do you guys have this functionality in the pipeline or do you have any advice for me related to encrypting SnappyDB?.

Thanks in advance.

V1rus999 commented

Bump.

This issue still persists. Is there no way that you can implement encryption in the near future?.

At the moment it looks like we will be moving our DB needs elsewhere.

oba2cat3 commented

it is very easy to support what you need here by yourself, and there is no need for the snappy team to implement anything.
here is how I set things up for my project (snappy/conceal/kyro).

  1. Write a custom Kryo serialization class to handle the super type of your model, basically, any model object you want to encrypt should inherit from this class.
  2. register the custom serialization class to the kryo instance from the Snappy instance you are using.
  3. bonus points: make sure you handle nested model classes correctly! use default kryo FieldSerialzation for all nested field!
  4. Do some tests, and make sure you are reading/writing your model objects correctly.
  5. After the basic sanity of this works for you, add encryption to the read/write methods of your custom serialization - using conceal, or any other approach.