store encrypted data in sqlite ?
carsten.haese at gmail.com
Fri Oct 2 22:41:01 CEST 2009
Stef Mientki wrote:
> I want to store some fields in an sqlite database.
> I use ezPyCrypto to encrypt and decrypt:
> User = ['z684684', 'Mientki, Stef', 1,1,0,1,1 ]
> encryption_key_1 = ezPyCrypto.key ( 512 )
> SQL = 'insert or replace into __USERS__ values ('
> for field in User :
>     SQL += ",'" + encryption_key_1.encString ( str ( field ))+ "'"
> SQL += ')'
> Now this fails, probably, because the second character of the encrypted
> string is a binary zero.
> By trial and error, I found a workaround,
> but I'm not sure this will guarantee that it will work always:
> by converting the encrypted buffer with base64.encode:
> SQL += ",'" + base64.encodestring(EnCrypt_1 ( str ( field )))+ "'"
> Will this method work always ?
> Are there better methods ?
There is definitely a better method! You should use parameter binding
instead of rolling the query by hand:
SQL = "insert or replace into __USERS__ values (?,?,?,?,?,?,?)"
params = [ encryption_key_1.encString(str(x)) for x in User ]
That way, the parameters are passed separately and safely, and the query
syntax is protected from all the dangerous characters that are floating
around in the parameters.
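
The parameter binding described above, as an added example that is not part of the original post: ciphertext containing a NUL byte and a single quote breaks the hand-built query but round-trips intact as bound BLOB parameters. The stand_in_encrypt/stand_in_decrypt helpers and the column names are hypothetical; the helpers replace encryption_key_1.encString() and are not real encryption.

```python
import sqlite3

# Constructed sample record, same shape as the one in the question.
USER = ["z684684", "Mientki, Stef", 1, 1, 0, 1, 1]

def stand_in_encrypt(text):
    """Hypothetical placeholder for encryption_key_1.encString(); NOT encryption.
    It only guarantees the awkward bytes (NUL, single quote) are present."""
    return b"\x00'" + bytes(b ^ 0x5A for b in text.encode("utf-8"))

def stand_in_decrypt(blob):
    """Inverse of the placeholder above."""
    return bytes(b ^ 0x5A for b in blob[2:]).decode("utf-8")

def open_db():
    con = sqlite3.connect(":memory:")
    # Column names are assumptions; BLOB columns keep ciphertext as raw bytes.
    con.execute("create table __USERS__ (id BLOB primary key, name BLOB, "
                "f1 BLOB, f2 BLOB, f3 BLOB, f4 BLOB, f5 BLOB)")
    return con

def insert_by_concatenation(con, user):
    """Hand-rolled query as in the question; returns True if SQLite rejects it."""
    sql = "insert or replace into __USERS__ values ("
    sql += ",".join("'" + stand_in_encrypt(str(f)).decode("latin-1") + "'"
                    for f in user)
    sql += ")"
    try:
        con.execute(sql)
    except (ValueError, sqlite3.Error, sqlite3.Warning):
        return True   # NUL byte or stray quote made the statement invalid
    return False

def insert_by_binding(con, user):
    """Ciphertext travels as bound parameters, never as part of the SQL text."""
    sql = "insert or replace into __USERS__ values (?,?,?,?,?,?,?)"
    params = [stand_in_encrypt(str(f)) for f in user]
    con.execute(sql, params)
    return params

def read_back(con):
    row = con.execute("select * from __USERS__").fetchone()
    return [stand_in_decrypt(col) for col in row]

if __name__ == "__main__":
    con = open_db()
    print("concatenated query rejected:", insert_by_concatenation(con, USER))
    insert_by_binding(con, USER)
    print("round trip:", read_back(con))
```

Because the values are bound as bytes, SQLite stores them as BLOBs and no base64 step is needed to survive the trip through the query.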