Martin Latter - 2016-08-21 17:15:02
This package is an excellent concept.
Despite the package being 5 years old (at the time of this writing), it still looks easier to implement than some alternatives (https://www.sqlite.org/see/doc/trunk/www/readme.wiki).
An issue I see is that the package uses ECB mode for encryption. Never use ECB anywhere - the same plaintext will encrypt to identical ciphertext every time - meaning it's relatively easy to crack for a determined adversary.
From the methods in securesqlite.class.php, this should be straightforward to resolve: change MCRYPT_MODE_ECB to MCRYPT_MODE_CBC and verify the initialization vector (IV) generator is correctly generating random bytes.
The cipher used (Blowfish) is fine (strong and fast), but there are stronger available (AES, Twofish) if security is preferred to speed.
Hope this can be helpful.
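
The ECB behaviour described in the comment above, and the CBC-with-random-IV alternative it suggests, as an added example that is not part of the original post and is not code from securesqlite.class.php. It assumes PHP 7+ with the openssl extension and uses AES-128 in place of the package's mcrypt Blowfish calls (mcrypt was removed from core PHP in 7.2); the function names and sample rows are hypothetical.

```php
<?php
// Added example, not the package's code. Assumes PHP 7+ with ext-openssl.
// AES-128 stands in for the package's mcrypt Blowfish calls.

$key = random_bytes(16); // throwaway demo key

// Constructed sample values, as they might sit in one encrypted column.
$rows = ['alice:admin', 'bob:user', 'carol:admin', 'alice:admin'];

function encryptEcb(string $plain, string $key): string
{
    // ECB takes no IV: equal plaintext always yields equal ciphertext.
    return openssl_encrypt($plain, 'aes-128-ecb', $key, OPENSSL_RAW_DATA);
}

function encryptCbc(string $plain, string $key): string
{
    // A fresh random IV per value makes equal plaintexts encrypt differently.
    $iv = random_bytes(openssl_cipher_iv_length('aes-128-cbc'));
    $ct = openssl_encrypt($plain, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv);
    return $iv . $ct; // the IV is not secret; store it with the ciphertext
}

function decryptCbc(string $blob, string $key): string
{
    // Split the stored value back into IV and ciphertext.
    $ivLen = openssl_cipher_iv_length('aes-128-cbc');
    $iv = substr($blob, 0, $ivLen);
    $ct = substr($blob, $ivLen);
    return openssl_decrypt($ct, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv);
}

// Count distinct ciphertexts per mode: duplicates reveal which rows are equal.
foreach (['ECB' => 'encryptEcb', 'CBC' => 'encryptCbc'] as $mode => $fn) {
    $seen = [];
    foreach ($rows as $row) {
        $seen[] = bin2hex($fn($row, $key));
    }
    $distinct = count(array_unique($seen));
    printf("%s: %d rows, %d distinct ciphertexts\n", $mode, count($rows), $distinct);
}

// Round trip: the stored IV is enough to recover the plaintext.
if (decryptCbc(encryptCbc($rows[0], $key), $key) !== $rows[0]) {
    throw new RuntimeException('CBC round trip failed');
}
```

CBC on its own hides repeated values but does not detect tampering with the stored ciphertext.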