> > > I'm not sure I agree with this analysis . . . it depends what level of
> > > security you are pursuing. Firstly, if you want the highest level of
> > > security, you could use SSL and send the client certificate
> by courier.
> > >
> >
> > once you have couriered someone a key in this way - then your whole
> security
> > regime rests entirely on the trust you have of the
> person/people you have
> > couriered the key to! If you trust them in the first place, then why
> > encrypt. If you don't trust them at all - then don't send them
> the key and
> > don't let them have a copy of the database.
> > Alan
>
> Hi Alan
>
> I don't follow your argument. You trust them enough to give them
> the public
> key for accessing your data through your program. You do not give them the
> private key, and you don't give them access to metadata.
>
> So I don't see how giving someone access to the app through an SSL
> certificate is placing everything in the trust of the user.
>
> But perhaps I am misunderstanding what you are saying . . .
>
> Lauchlan Mackinnon

your thread was about embedded - ergo you have given them the database file.
That's it you've done your dash.
Alan