"Smart Database" or "Smart SQLite" or "SQLite with Fido"
(1) By anonymous on 2022-08-04 07:47:29 [link] [source]
Hi all!
1. "Question"
So... is it possible to have a security layer in SQLite so that it is only possible to recognize unique devices where there is access to the database?
2. "Problem"
- For example, suppose I have a SQLite database and I want, for example, to make someone access this database only with certain administrative options configured.
- Modern databases like PostgreSQL/MySQL etc. have this option.
- In the case of SQLite, I didn't find this option to limit access to certain administrative options for the user that I as admin grant access to.
- In this speculative, narrative case that I have demonstrated here in a brief and simple way, it would be an advantage to use the Fido protocol to identify device types to which it should have access.
3. "Solution"
- Fido allows only specific provisions to be accepted; this can be done in two ways: token and/or flash drive with token.
- My idea here of having an extra layer of security in SQLite would be to have fido support for SQLite so that only authorized employees can access the database.
- I mention this because I have a lightweight program and many trusted people use it. If I could configure device access it would be more secure for my case.
4. Feature-name
"Smart Database" or "Smart SQLite" or "SQLite with Fido"
5. Feature-description
SQLite with Fido.
5.1 What is Fido?
The FIDO (Fast IDentity Online) authentication standard defines a fast and secure authentication mechanism for users to access websites and applications.
6. Why?
- This helps two communities: SQLite and Fido.
- I would like to help SQLite to be more secure.
- It is an interesting alternative to make the life of those who use SQLite very often easier.
- I would like to know if anyone has thought of this idea.
7. References
- https://fidoalliance.org/what-is-fido/
- https://www.techtarget.com/searchsecurity/definition/FIDO-Fast-Identity-Online
- https://www.identiv.com/community/2020/10/07/what-is-fido-and-how-does-it-work/
- https://doubleoctopus.com/security-wiki/protocol/fast-identity-online/
- https://en.wikipedia.org/wiki/FIDO_Alliance
(2) By Stephan Beal (stephan) on 2022-08-04 08:21:38 in reply to 1 [link] [source]
> In the case of SQLite, I didn't find this option to limit access to certain administrative options for the user that I as admin grant access to.
For the very specific reason that sqlite is a single-user database. It does not inherently have any concept of users, and therefore no concepts of user-level rights. All such features needed by applications have to be added to those applications, but the databases can still be used by any other sqlite3-using software such as generic db browsers and sqlite3's own shell app, so such access rights are trivial to bypass.
(3) By Ryan Smith (cuz) on 2022-08-04 08:45:38 in reply to 1 [link] [source]
1. "Reply"
SQLite is not a client-server database, it's not a useful endeavour to try and ascribe client-server-ness to it, and using another client-server database (such as Postgres) to hold up as an example of where client-server functions can work, is not a useful course of action.
Luckily, SQLite is only the engine; you are very welcome to design a client-server interface or simply a user-access interface above it for your application, as has been done many times. You can even make it very secure by purchasing the SEE encryption tooling from the SQLite developers. And while doing all this, you are welcome to use FIDO (or whatever else you like) as an access level determiner.
> I would like to help SQLite to be more secure.
That's very noble. Luckily SQLite's own developers have done this and it is one of their sources of income. Purchasing this already most-secure tooling will add to the development effort and is an actual tangible way to "help SQLite be more secure".
> I would like to know if anyone has thought of this idea.
Which idea?
- Making SQLite more client-server like? There are many projects out there that do it.
- Adding a User-Access layer on top? Again, very many; a new one is suggested here quite often.
- Specifically use FIDO to do it? No, I can't be 100% sure, but I think this is the first time I've seen that idea specifically mentioned on this forum.
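The point made in replies (2) and (3), as an added example that is not part of the original thread: an access layer built in the application on SQLite's authorizer callback (here through Python's `sqlite3.Connection.set_authorizer`) restricts only the connections opened through that layer. The role names, the table and the `open_as` helper are hypothetical.

```python
import os
import sqlite3
import tempfile

# Constructed role table: authorizer action codes each application role may use.
# None means the role is unrestricted.
ROLES = {"clerk": {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ}, "admin": None}

def open_as(path, role):
    """Open the database through the application's access layer (hypothetical helper)."""
    allowed = ROLES[role]
    conn = sqlite3.connect(path)
    if allowed is not None:
        def authorizer(action, arg1, arg2, dbname, source):
            # Called by SQLite while a statement is compiled; a denial fails the statement.
            return sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY
        conn.set_authorizer(authorizer)
    return conn

def try_sql(conn, sql):
    """Return True if the statement ran, False if SQLite rejected it."""
    try:
        conn.execute(sql).fetchall()
        conn.commit()
        return True
    except sqlite3.DatabaseError:
        conn.rollback()
        return False

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "payroll.db")
        admin = open_as(path, "admin")
        admin.execute("CREATE TABLE salaries(name TEXT, amount INTEGER)")
        admin.execute("INSERT INTO salaries VALUES ('alice', 100)")
        admin.commit()
        admin.close()

        clerk = open_as(path, "clerk")
        results = {"clerk_select": try_sql(clerk, "SELECT * FROM salaries"),
                   "clerk_update": try_sql(clerk, "UPDATE salaries SET amount = 0")}
        clerk.close()

        # Any other sqlite3-using program opens the same file without the layer.
        raw = sqlite3.connect(path)
        results["amount_after_clerk"] = raw.execute("SELECT amount FROM salaries").fetchone()[0]
        results["raw_update"] = try_sql(raw, "UPDATE salaries SET amount = 0")
        results["amount_after_raw"] = raw.execute("SELECT amount FROM salaries").fetchone()[0]
        raw.close()
        return results
```

The authorizer is per-connection state, so whatever decides the role (a FIDO check or anything else) governs only this application's connections; access by other programs is controlled by who can read and write the database file.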
(4) By Simon Slavin (slavin) on 2022-08-04 08:47:04 in reply to 1 [source]
SQLite is just a public domain, open source, database access layer in other people's programs. You have full source code for SQLite and can include it in whatever you want (with a few legal exceptions), just don't try to claim credit for it.
Feel free to write your own "SQLite with Fido" or whatever you want to call it.