MAINHACK

Viewing / Editing File: sqlcipher_ext.py

File is not writable. Editing disabled.
"""
Peewee integration with pysqlcipher.

Project page: https://github.com/leapcode/pysqlcipher/

**WARNING!!! EXPERIMENTAL!!!**

* Although this extention's code is short, it has not been properly
  peer-reviewed yet and may have introduced vulnerabilities.

Also note that this code relies on pysqlcipher and sqlcipher, and
the code there might have vulnerabilities as well, but since these
are widely used crypto modules, we can expect "short zero days" there.

Example usage:

     from peewee.playground.ciphersql_ext import SqlCipherDatabase
     db = SqlCipherDatabase('/path/to/my.db', passphrase="don'tuseme4real")

* `passphrase`: should be "long enough".
  Note that *length beats vocabulary* (much exponential), and even
  a lowercase-only passphrase like easytorememberyethardforotherstoguess
  packs more noise than 8 random printable characters and *can* be memorized.

When opening an existing database, passphrase should be the one used when the
database was created. If the passphrase is incorrect, an exception will only be
raised **when you access the database**.

If you need to ask for an interactive passphrase, here's example code you can
put after the `db = ...` line:

    try:  # Just access the database so that it checks the encryption.
        db.get_tables()
    # We're looking for a DatabaseError with a specific error message.
    except peewee.DatabaseError as e:
        # Check whether the message *means* "passphrase is wrong"
        if e.args[0] == 'file is encrypted or is not a database':
            raise Exception('Developer should Prompt user for passphrase '
                            'again.')
        else:
            # A different DatabaseError. Raise it.
            raise e

See a more elaborate example with this code at
https://gist.github.com/thedod/11048875
"""
import datetime
import decimal
import sys

from peewee import *
from playhouse.sqlite_ext import SqliteExtDatabase
if sys.version_info[0] != 3:
    from pysqlcipher import dbapi2 as sqlcipher
else:
    try:
        from sqlcipher3 import dbapi2 as sqlcipher
    except ImportError:
        from pysqlcipher3 import dbapi2 as sqlcipher

sqlcipher.register_adapter(decimal.Decimal, str)
sqlcipher.register_adapter(datetime.date, str)
sqlcipher.register_adapter(datetime.time, str)
__sqlcipher_version__ = sqlcipher.sqlite_version_info


class _SqlCipherDatabase(object):
    server_version = __sqlcipher_version__

    def _connect(self):
        params = dict(self.connect_params)
        passphrase = params.pop('passphrase', '').replace("'", "''")

        conn = sqlcipher.connect(self.database, isolation_level=None, **params)
        try:
            if passphrase:
                conn.execute("PRAGMA key='%s'" % passphrase)
            self._add_conn_hooks(conn)
        except:
            conn.close()
            raise
        return conn

    def set_passphrase(self, passphrase):
        if not self.is_closed():
            raise ImproperlyConfigured('Cannot set passphrase when database '
                                       'is open. To change passphrase of an '
                                       'open database use the rekey() method.')

        self.connect_params['passphrase'] = passphrase

    def rekey(self, passphrase):
        if self.is_closed():
            self.connect()

        self.execute_sql("PRAGMA rekey='%s'" % passphrase.replace("'", "''"))
        self.connect_params['passphrase'] = passphrase
        return True


class SqlCipherDatabase(_SqlCipherDatabase, SqliteDatabase):
    pass


class SqlCipherExtDatabase(_SqlCipherDatabase, SqliteExtDatabase):
    pass
Cancel / Back
[ MAINHACK ]

Viewing / Editing File: sqlcipher_ext.py

Server Info

System Features

User Info
