| 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
 | # sqlite/pysqlcipher.py
# Copyright (C) 2005-2016 the SQLAlchemy authors and contributors
# <see AUTHORS file>
#
# This module is part of SQLAlchemy and is released under
# the MIT License: http://www.opensource.org/licenses/mit-license.php
"""
.. dialect:: sqlite+pysqlcipher
    :name: pysqlcipher
    :dbapi: pysqlcipher
    :connectstring: sqlite+pysqlcipher://:passphrase/file_path[?kdf_iter=<iter>]
    :url: https://pypi.python.org/pypi/pysqlcipher
    ``pysqlcipher`` is a fork of the standard ``pysqlite`` driver to make
    use of the `SQLCipher <https://www.zetetic.net/sqlcipher>`_ backend.
    .. versionadded:: 0.9.9
Driver
------
The driver here is the `pysqlcipher <https://pypi.python.org/pypi/pysqlcipher>`_
driver, which makes use of the SQLCipher engine.  This system essentially
introduces new PRAGMA commands to SQLite which allows the setting of a
passphrase and other encryption parameters, allowing the database
file to be encrypted.
Connect Strings
---------------
The format of the connect string is in every way the same as that
of the :mod:`~sqlalchemy.dialects.sqlite.pysqlite` driver, except that the
"password" field is now accepted, which should contain a passphrase::
    e = create_engine('sqlite+pysqlcipher://:testing@/foo.db')
For an absolute file path, two leading slashes should be used for the
database name::
    e = create_engine('sqlite+pysqlcipher://:testing@//path/to/foo.db')
A selection of additional encryption-related pragmas supported by SQLCipher
as documented at https://www.zetetic.net/sqlcipher/sqlcipher-api/ can be passed
in the query string, and will result in that PRAGMA being called for each
new connection.  Currently, ``cipher``, ``kdf_iter``
``cipher_page_size`` and ``cipher_use_hmac`` are supported::
    e = create_engine('sqlite+pysqlcipher://:testing@/foo.db?cipher=aes-256-cfb&kdf_iter=64000')
Pooling Behavior
----------------
The driver makes a change to the default pool behavior of pysqlite
as described in :ref:`pysqlite_threading_pooling`.   The pysqlcipher driver
has been observed to be significantly slower on connection than the
pysqlite driver, most likely due to the encryption overhead, so the
dialect here defaults to using the :class:`.SingletonThreadPool`
implementation,
instead of the :class:`.NullPool` pool used by pysqlite.  As always, the pool
implementation is entirely configurable using the
:paramref:`.create_engine.poolclass` parameter; the :class:`.StaticPool` may
be more feasible for single-threaded use, or :class:`.NullPool` may be used
to prevent unencrypted connections from being held open for long periods of
time, at the expense of slower startup time for new connections.
"""
from __future__ import absolute_import
from .pysqlite import SQLiteDialect_pysqlite
from ...engine import url as _url
from ... import pool
class SQLiteDialect_pysqlcipher(SQLiteDialect_pysqlite):
    driver = 'pysqlcipher'
    pragmas = ('kdf_iter', 'cipher', 'cipher_page_size', 'cipher_use_hmac')
    @classmethod
    def dbapi(cls):
        from pysqlcipher import dbapi2 as sqlcipher
        return sqlcipher
    @classmethod
    def get_pool_class(cls, url):
        return pool.SingletonThreadPool
    def connect(self, *cargs, **cparams):
        passphrase = cparams.pop('passphrase', '')
        pragmas = dict(
            (key, cparams.pop(key, None)) for key in
            self.pragmas
        )
        conn = super(SQLiteDialect_pysqlcipher, self).\
            connect(*cargs, **cparams)
        conn.execute('pragma key="%s"' % passphrase)
        for prag, value in pragmas.items():
            if value is not None:
                conn.execute('pragma %s=%s' % (prag, value))
        return conn
    def create_connect_args(self, url):
        super_url = _url.URL(
            url.drivername, username=url.username,
            host=url.host, database=url.database, query=url.query)
        c_args, opts = super(SQLiteDialect_pysqlcipher, self).\
            create_connect_args(super_url)
        opts['passphrase'] = url.password
        return c_args, opts
dialect = SQLiteDialect_pysqlcipher
 |