Using an encrypted file securely

Question

I'm writing an application with a dBASE database file in Borland Delphi 7.

Note: I think this question is file-security related and you can forget the dBASE thing (consider it as a TXT file) in this question.

The database must be accessed just by the application. Then it must be encrypted. Unfortunately dBASE doesn't support any password mechanism and i had to encrypt the file by myself (and i also HAVE to use dBASE)

What approach do you suggest to secure the database file?

The simple one is:

1. Encrypting the database file and placing it near beside the application EXE file.
2. When the application runs, it should decrypt the file (with a hard-coded password) and copy the result to a temporary file that has DeleteOnClose and NoSharingPermission flags.
3. When Closing, application should encrypt the temp dBASE file and replaces the old encrypted file with the new one.

I think this is a fair secure approach. But it have two big problems:

1. With an undelete tool the user can restore and access to the deleted temp file.
2. Worse: When application is running, if the system rebooted suddenly the DeleteOnClose flag fails and the temp file remains on hard disk and user can access it.

Is there any solution for, at least, the second part?

Is there any other solution?

Answer 1

You could also try to create a TrueCrypt file-based containter, mount it, and then put the dBase file inside the mounted encrypted volume. TrueCrypt is free (in both senses) and it's accessible via command line parameters from your application (mount before start, unmount before quit).