I was using my TX yesterday to enter some info in SmartlistToGo and I was thinking (ominous music :p).

SmartlistToGo is a great appp but it doesn't have any way to encrypt fields or databases, so I was wandering if an app already exists in which you can set a number of applications and when you launch them it will ask you for a password to decrypt any associated databases. On exit it will encrypt them back.

I'm not talking about a system wide password or anything (I actualy hate the bloody thing since it slows me down) but a way to decrypt databases only when their app is launched and encrypt again on exit.

Taking it a bit further, if I don't enter a password, the app should start with the databases that haven't been selected for encryption.

I don't know of anything like that. I know you can password protect a certain application as a whole (sth like Applock), and I know you can encrypt specific data (SplashID), but I don't know of anything that will encrypt a specific database of an application. Sorry I know I wasn't much help :(

HanDBase will meet your requirements. You can download or create your own password database and encrypt/pw protect that DB alone.

http://www.ddhsoftware.com/palm_software.html?UID=

@BrentC
No worries! This was more wishful thinking than an actual plea for help :(

@Wellsjs
I tried HandBase a while ago and It did look good. Any idea how complicated porting my current dbs would be? Also does it support hires+ now? last time it didnt.

You could, of course, store your smartlist databases on an encrypted drive using pruss´ cryptdrive application (losing sync capabilities, though).

I know...
Its just annoying. I can't seem to find a complete solution (except moving to handbase). It's a real shame Dataviz decided not to implement encryption in order to guard the market share of passwords plus.

I'm actually tempted to attempt to write a program like the one I described although it would be a bit clumsy when the dbs are to get hotsynced...

Effectively you need to register the applaunchevent and see when the app is launched or it quits and act accordingly. Im not too fussy about Find not working from outside the app, and I don't think STG handles any other relevant notifications.

Is there an event that is sent right before hotsync fuly starts? Otherwise you would need to manually decrypt the databases before hotsync and encrypt them afterwards(the last bit can be automatic though).

Is there an event that is sent right before hotsync fuly starts? Otherwise you would need to manually decrypt the databases before hotsync and encrypt them afterwards(the last bit can be automatic though).
I think most people just look for the hotsync prc launch event. After all, you don't need the data decrypted until you actually sync; it can still be encrypted when the actual app launches.

However, you'd need to add in a password prompt for batch decrypting on HotSync launch. Doable, yes; also a bit of a pain.

It might be better to make a whitelist of apps whose data you want decrypted on hotsync, and only decrypt those databases; that way, your Docs2Go, AvantGo, Calendar, etc. would sync, but the databases themselves would still be encrypted on the backup.

So you mean storing the password (in an encrypted form), catch the hotsync launch event at which point the dbs (or a subset of them) will get decrypted automaticaly and when the hotsync finishes, catch the SyncFinishEvent and encrypt them again.

It does sound more elegant :) Maybe slightly less secure but more elegant.

actually, to save yourself a lot of work, there is already a third party plugin for sltg that does encryption

there is a demo that you can try, and the plugin itself is very cheap

here is the link: http://ca.geocities.com/sltgPlugins/

*note - i am not the author

If I remember correctly, using the plugin caused crashes, and you can't really sync with it.

I've had no crashes, but then again I don't hot sync (hate to actually). I use it on my TH55 but have it installed on my TX as well and didn't notice any problems.

So you mean storing the password (in an encrypted form), catch the hotsync launch event at which point the dbs (or a subset of them) will get decrypted automaticaly and when the hotsync finishes, catch the SyncFinishEvent and encrypt them again.
.


that kills all the security :-)

half the apps on the market now send those notifications to fool tools liek MultiUserHack

I guess that's true only if the pasword is stored and the decryption occurs without user interaction.

In effect, unless I'm wrong I have the following choices:

1. Store the password and create an easily exploitable attack vector.
2. Ask for the password at hotsync and annoy a few users.
3. Leave a small (user configurable) window before DBs get reencrypted after app exit during which the user should hotsync. Which will be hell if the user has locked more than one app.
4. Expect the user to run my app asking for a temporary decryption (after a password prompt) after which he has to run hotsync, otherwise everything will get re-encrypted.

Am I missing any options here?

~~~~~~~~~~~~~~~~~~~~~~
PS: Notes to self,
a. don't try to do security stuff with only a couple hours of sleep
b. Palms are not coded like PCs.

well, attack vector is not due to the idea, but due to the implementation you proposed .There are better ways to reliably detect a hotsync operation going on, and decrypt then :-)

Can you please elaborate dmitry?

The only ways I can think of is either catching the SyncStartEvent or the appLaunch of hotsync.