cordova-sqlcipher-adapter

# Cordova/PhoneGap SQLCipher adapter plugin - maintenance only __Native interface__ to __SQLCipher version 4__ in a Cordova/PhoneGap plugin _with API based on HTML5/[Web SQL (DRAFT) API](http://www.w3.org/TR/webdatabase/) for the following platforms_: - Android - iOS - macOS ("osx" platform) - ~~Windows 10 (UWP) DESKTOP (...)~~ _(disabled; see below for major limitations)_  Plugin version `0.2.x` (with known security issues) is required for SQLCipher 3 support. For future consideration: support migration between SQLCipher 3 and SQLCipher 4 ([brodybits/cordova-sqlcipher-adapter#83](https://github.com/brodybits/cordova-sqlcipher-adapter/issues/83)). Note that this project is currently not under active development, see [brodybits/cordova-sqlcipher-adapter#81](https://github.com/brodybits/cordova-sqlcipher-adapter/issues/81). **LICENSE:** MIT, with Apache 2.0 option for Android and _disabled_ Windows platforms (see [LICENSE.md](./LICENSE.md) for details, including third-party components used by this plugin) **NOTICE:** Extra-old `armeabi` CPU for Android pre-5.0 is no longer supported by this plugin version. ## IMPORTANT WARNING NOTICES - Without the database password there is no proven way to recover the data. - **Multiple SQLite corruption problem** - see section below & [`xpbrew/cordova-sqlite-storage#626`](https://github.com/xpbrew/cordova-sqlite-storage/issues/626) - __IMPORTANT EXPORT REQUIREMENTS__ _described at: <https://discuss.zetetic.net/t/export-requirements-for-applications-using-sqlcipher/47>_ - **Breaking changes coming soon** - see section nearby & see [`xpbrew/cordova-sqlite-storage#922`](https://github.com/xpbrew/cordova-sqlite-storage/issues/922) ## Comparison of supported plugin versions | | Free license terms | Commercial license & support | | --- | --- | --- | | [`cordova-sqlite-storage`](https://github.com/xpbrew/cordova-sqlite-storage) - core plugin version | MIT (or Apache 2.0 on Android & Windows) | | | [`cordova-sqlite-express-build-support`](https://github.com/xpbrew/cordova-sqlite-express-build-support) - using built-in SQLite libraries on Android, iOS, and macOS | MIT (or Apache 2.0 on Android & Windows) | | | [`cordova-sqlite-ext`](https://github.com/brodybits/cordova-sqlite-ext) - with extra features including BASE64, REGEXP, and pre-populated databases | MIT (or Apache 2.0 on Android & Windows) | | | [`cordova-sqlite-evcore-extbuild-free`](https://github.com/brodysoft/cordova-sqlite-evcore-extbuild-free) - plugin version with lighter resource usage in Android NDK | GPL v3 | available, see <https://xpbrew.consulting/> | | [`cordova-plugin-sqlite-evplus-ext-common-free`](https://github.com/brodysoft/cordova-plugin-sqlite-evplus-ext-common-free) - includes workaround for extra-large result data on Android and lighter resource usage on iOS, macOS, and in Android NDK | GPL v3 | available, see <https://xpbrew.consulting/> | ### COMING SOON New SQLite plugin design with a simpler API is in progress with a working demo - see [`brodybits/ask-me-anything#3`](https://github.com/brodybits/ask-me-anything/issues/3) ## Breaking changes coming soon in an upcoming major release - see [`xpbrew/cordova-sqlite-storage#922`](https://github.com/xpbrew/cordova-sqlite-storage/issues/922) some highlights: - drop support for Android pre-5.1, which will also be dropped by `cordova-android`, including deprecated `armeabi` target _no longer supported by this plugin_ (superseded by `armeabi-v7a`, seems to be not supported by Android 5.0) - more info in [`xpbrew/cordova-sqlite-storage#922`](https://github.com/xpbrew/cordova-sqlite-storage/issues/922) - error `code` will always be `0` (which is already the case on Windows); actual SQLite3 error code will be part of the error `message` member whenever possible (see [`xpbrew/cordova-sqlite-storage#821`](https://github.com/xpbrew/cordova-sqlite-storage/issues/821)) - drop support for location: 0-2 values in openDatabase call (please use `location: 'default'` or `iosDatabaseLocation` setting in openDatabase as documented below) - throw an exception in case of `androidDatabaseImplementation: 2` setting which is now superseded by `androidDatabaseProvider: 'system'` setting under consideration: - remove `androidLockWorkaround: 1` option if not needed any longer - [`xpbrew/cordova-sqlite-storage#925`](https://github.com/xpbrew/cordova-sqlite-storage/issues/925) ## About this plugin version TBD  __GENERAL STATUS:__ This project is under maintenance for security, data loss risk, and other critical issues at this point ([brodybits/cordova-sqlcipher-adapter#81](https://github.com/brodybits/cordova-sqlcipher-adapter/issues/81)). Active development may be resumed someday in the future, in case of sufficient interest from the user community. For priority feature requirements please contact <sales@litehelpers.net> for estimation and discussion. ### Multiple database problem on Android This plugin uses SQLCipher for Android which is a non-standard SQLite implementation on Android (a fork of [`sqlcipher/android-database-sqlcipher`](https://github.com/sqlcipher/android-database-sqlcipher)). In case an application access the __same__ database using multiple plugins there is a risk of data corruption (see [xpbrew/cordova-sqlite-storage#626](https://github.com/xpbrew/cordova-sqlite-storage/issues/626)), as described in <http://ericsink.com/entries/multiple_sqlite_problem.html> and <https://www.sqlite.org/howtocorrupt.html>.)  ### Multiple database access problem on other platforms This plugin version also uses SQLCipher which is based on a particular version of sqlite3 on iOS, macOS, and Windows. In case the application accesses the SAME database using multiple plugins there is a risk of data corruption as described in <https://www.sqlite.org/howtocorrupt.html> (similar to the multiple sqlite problem for Android as described in <http://ericsink.com/entries/multiple_sqlite_problem.html>). ### Additional notice Windows platform support is now disabled in this plugin version, with CRYPTO provider (libTomCrypt) completely removed. This plugin version is no longer tested on Windows. For future consideration: enable Windows build again with encryption using a recent build of the OpenSSL crypto library  ## A quick tour To open a database: ```Javascript var db = null; document.addEventListener('deviceready', function() { db = window.sqlitePlugin.openDatabase({ name: 'my-encrypted.db', key: 'user-password-here', location: 'default' }); }); ``` **IMPORTANT:** Like with the other Cordova plugins your application must wait for the `deviceready` event. This is especially tricky in Angular/ngCordova/Ionic controller/factory/service callbacks which may be triggered before the `deviceready` event is fired. ### Using DRAFT standard transaction API To populate a database using the DRAFT standard transaction API: ```Javascript db.transaction(function(tx) { tx.executeSql('CREATE TABLE IF NOT EXISTS DemoTable (name, score)'); tx.executeSql('INSERT INTO DemoTable VALUES (?,?)', ['Alice', 101]); tx.executeSql('INSERT INTO DemoTable VALUES (?,?)', ['Betty', 202]); }, function(error) { console.log('Transaction ERROR: ' + error.message); }, function() { console.log('Populated database OK'); }); ``` or using numbered parameters as documented in <https://www.sqlite.org/c3ref/bind_blob.html>: ```Javascript db.transaction(function(tx) { tx.executeSql('CREATE TABLE IF NOT EXISTS DemoTable (name, score)'); tx.executeSql('INSERT INTO DemoTable VALUES (?1,?2)', ['Alice', 101]); tx.executeSql('INSERT INTO DemoTable VALUES (?1,?2)', ['Betty', 202]); }, function(error) { console.log('Transaction ERROR: ' + error.message); }, function() { console.log('Populated database OK'); }); ``` To check the data using the DRAFT standard transaction API: ```Javascript db.transaction(function(tx) { tx.executeSql('SELECT count(*) AS mycount FROM DemoTable', [], function(tx, rs) { console.log('Record count (expected to be 2): ' + rs.rows.item(0).mycount); }, function(tx, error) { console.log('SELECT error: ' + error.message); }); }); ``` ### Using plugin-specific API calls  To populate a database using the SQL batch API: ```Javascript db.sqlBatch([ 'CREATE TABLE IF NOT EXISTS DemoTable (name, score)', [ 'INSERT INTO DemoTable VALUES (?,?)', ['Alice', 101] ], [ 'INSERT INTO DemoTable VALUES (?,?)', ['Betty', 202] ], ], function() { console.log('Populated database OK'); }, function(error) { console.log('SQL batch ERROR: ' + error.message); }); ``` or using numbered parameters as documented in <https://www.sqlite.org/c3ref/bind_blob.html>: ```Javascript db.sqlBatch([ 'CREATE TABLE IF NOT EXISTS DemoTable (name, score)', [ 'INSERT INTO DemoTable VALUES (?1,?2)', ['Alice', 101] ], [ 'INSERT INTO DemoTable VALUES (?1,?2)', ['Betty', 202] ], ], function() { console.log('Populated database OK'); }, function(error) { console.log('SQL batch ERROR: ' + error.message); }); ``` To check the data using the single SQL statement API: ```Javascript db.executeSql('SELECT count(*) AS mycount FROM DemoTable', [], function(rs) { console.log('Record count (expected to be 2): ' + rs.rows.item(0).mycount); }, function(error) { console.log('SELECT SQL statement ERROR: ' + error.message); }); ``` ### More detailed sample See the [Sample section](#sample) for a sample with a more detailed explanation (using the DRAFT standard transaction API).  ## Status - Windows platform support is now disabled in this plugin version, with CRYPTO provider (libTomCrypt) completely removed (ref: [litehelpers / Cordova-sqlcipher-adapter#63](https://github.com/litehelpers/Cordova-sqlcipher-adapter/issues/63)). For future consideration: enable Windows build again with encryption using a recent build of the OpenSSL crypto library ref: [litehelpers/Cordova-sqlcipher-adapter#30](https://github.com/litehelpers/Cordova-sqlcipher-adapter/issues/30) - SQLCipher version information: - SQLCipher `4.5.3` community for Android with OpenSSL 1.1.1s - in custom build from <https://github.com/brodybits/android-database-sqlcipher/tree/v4.5.x-defensive-jar-build> (`v4.5.x-defensive-jar-build` branch) - SQLCipher `4.5.3` community for iOS/macOS - with OpenSSL libcrypto for Android - using CommonCrypto framework for iOS/macOS - NO ENCRYPTION ENABLED (completely removed) for Windows - for future consideration: embed OpenSSL libcrypto for all target platforms - This plugin is __not__ supported by PhoneGap Developer App or PhoneGap Desktop App. - A recent version of the Cordova CLI is recommended. Known issues with older versions of Cordova: - Cordova pre-7.0.0 do not automatically save the state of added plugins and platforms (`--save` flag is needed for Cordova pre-7.0.0) - It may be needed to use `cordova prepare` in case of cordova-ios pre-4.3.0 (Cordova CLI `6.4.0`). - Cordova versions older than `6.0.0` are missing the `cordova-ios@4.0.0` security fixes. - This plugin version has SQLCipher included for all platforms and should be usable from PhoneGap Build. - SQLCipher build settings used: - `SQLITE_HAS_CODEC` (no longer enabled in Windows SQLite3 library build) - ~~`SQLITE_SOUNDEX` (Android only)~~ - ~~`SQLITE_MAX_VARIABLE_NUMBER=99999` (Android only)~~ - ~~`SQLITE_DEFAULT_JOURNAL_SIZE_LIMIT=1048576` (Android only)~~ - `HAVE_USLEEP=1` - `SQLITE_TEMP_STORE=3` - `SQLCIPHER_CRYPTO_CC` (iOS/macOS only) - `SQLITE_LOCKING_STYLE=1` (iOS/macOS only) - ~~`DSQLITE_DEFAULT_JOURNAL_SIZE_LIMIT=1048576` (Android only)~~ - `NDEBUG` ~~(`NDEBUG=1` on Android)~~ - `SQLITE_THREADSAFE=1` - `SQLITE_DEFAULT_SYNCHRONOUS=3` (EXTRA DURABLE build setting) on all platforms (Android/iOS/macOS/~~Windows~~) ref: [xpbrew/cordova-sqlite-storage#736](https://github.com/xpbrew/cordova-sqlite-storage/issues/736) - ~~`SQLITE_ENABLE_MEMORY_MANAGEMENT=1` (Android only)~~ - `SQLITE_DEFAULT_MEMSTATUS=0` - `SQLITE_OMIT_DECLTYPE` (iOS/macOS/Windows) - `SQLITE_OMIT_DEPRECATED` - iOS/macOS (FUTURE TBD: Android ref: [brodybits/cordova-sqlcipher-adapter#82](https://github.com/brodybits/cordova-sqlcipher-adapter/issues/82)) - `SQLITE_OMIT_PROGRESS_CALLBACK` (iOS/macOS/Windows) - `SQLITE_OMIT_SHARED_CACHE` - iOS/macOS/Windows - `SQLITE_ENABLE_DBSTAT_VTAB` - Android only - `SQLITE_ENABLE_LOAD_EXTENSION` (Android only) - `SQLITE_OMIT_LOAD_EXTENSION` (iOS/macOS/Windows) - `SQLITE_ENABLE_COLUMN_METADATA` (Android only) - `SQLITE_ENABLE_UNLOCK_NOTIFY` (Android only) - `SQLITE_ENABLE_FTS3` (iOS/macOS/Windows) - `SQLITE_ENABLE_FTS3_PARENTHESIS` - `SQLITE_ENABLE_FTS4` - `SQLITE_ENABLE_RTREE` - `SQLITE_ENABLE_STAT3` for Android only - `SQLITE_ENABLE_STAT4` for Android only - `SQLITE_ENABLE_FTS5` - `SQLITE_ENABLE_JSON1` - `SQLITE_ENABLE_MATH_FUNCTIONS` - Android/macOS/iOS - `SQLITE_OS_WINRT` (Windows only) - `SQLCIPHER_CRYPTO_OPENSSL` (Android only) - `SQLITE_DBCONFIG_DEFENSIVE` flag is used for extra SQL safety on all platforms (Android/iOS/macOS/~~Windows~~) ref: - <https://www.sqlite.org/c3ref/c_dbconfig_defensive.html> - <https://www.sqlite.org/releaselog/3_26_0.html> - The iOS database location is now mandatory, as documented below. - The following features are available in [`brodybits/cordova-sqlite-ext`](https://github.com/brodybits/cordova-sqlite-ext) _without SQLCipher_: - REGEXP (Android/iOS/macOS) - SELECT BLOB data in Base64 format (all platforms Android/iOS/macOS/Windows) - Pre-populated database (Android/iOS/macOS/Windows) - Windows platform version (using a customized version of the performant [doo / SQLite3-WinRT](https://github.com/doo/SQLite3-WinRT) C++ component based on the [brodybits/SQLite3-WinRT sync-api-fix branch](https://github.com/brodybits/SQLite3-WinRT/tree/sync-api-fix)) is now disabled in this plugin version, with CRYPTO provider completely removed ref: [brodybits/cordova-sqlcipher-adapter#63](https://github.com/brodybits/cordova-sqlcipher-adapter/issues/63), and has the following known limitations: - Encryption no longer enabled in Windows SQLite3 library build. For future consideration: enable Windows build again with encryption using a recent build of the OpenSSL crypto library ref: [brodybits/cordova-sqlcipher-adapter#63](https://github.com/brodybits/cordova-sqlcipher-adapter/issues/63) - _No background processing is supported (see below)_ - This plugin version branch has dependency on platform toolset libraries included by Visual Studio 2017 ref: [xpbrew/cordova-sqlite-storage#580](https://github.com/xpbrew/cordova-sqlite-storage/issues/580). Visual Studio 2015 is now supported by [`brodybits/cordova-sqlite-legacy`](https://github.com/brodybits/cordova-sqlite-legacy) (permissive license terms, no performance enhancements for Android) and [`brodybits/cordova-sqlite-evcore-legacy-ext-common-free`](https://github.com/brodybits/cordova-sqlite-evcore-legacy-ext-common-free) (GPL or commercial license terms, with performance enhancements for Android). UNTESTED workaround for Visual Studio 2015: it *may* be possible to support this plugin version on Visual Studio 2015 Update 3 by installing platform toolset v141.) - Visual Studio components needed: Universal Windows Platform development, C++ Universal Windows Platform tools. A recent version of Visual Studio 2017 will offer to install any missing feature components. - It is **not** possible to use this plugin with the default "Any CPU" target. A specific target CPU type **must** be specified when building an app with this plugin. - ARM target CPU for Windows Mobile is no longer supported. - The `SQLite3-WinRT` component in `src/windows/SQLite3-WinRT-sync` is based on [doo/SQLite3-WinRT commit f4b06e6](https://github.com/doo/SQLite3-WinRT/commit/f4b06e6a772a2688ee0575a8034b55401ea64049) from 2012, which is missing the asynchronous C++ API improvements. There is no background processing on the Windows platform. - Truncation issue with UNICODE `\u0000` character (same as `\0`) - INCONSISTENT error code (0) and INCORRECT error message (missing actual error info) in error callbacks ref: [xpbrew/cordova-sqlite-storage#539](https://github.com/xpbrew/cordova-sqlite-storage/issues/539) - Not possible to SELECT BLOB column values directly. It is recommended to use built-in HEX function to retrieve BLOB column values, which should work consistently across all platform implementations as well as (WebKit) Web SQL. Non-standard BASE64 function to SELECT BLOB column values in Base64 format is supported by [`brodybits/cordova-sqlite-ext`](https://github.com/brodybits/cordova-sqlite-ext) (permissive license terms) and [litehelpers / Cordova-sqlite-evcore-extbuild-free](https://github.com/litehelpers/Cordova-sqlite-evcore-extbuild-free) (GPL or commercial license terms) _with no encryption, may be supported with SQLCipher in case of sufficient demand in the future_. - Windows platform version uses `UTF-16le` internal database encoding while the other platform versions use `UTF-8` internal encoding. (`UTF-8` internal encoding is preferred ref: [xpbrew/cordova-sqlite-storage#652](https://github.com/xpbrew/cordova-sqlite-storage/issues/652)) - Known issue with database names that contain certain US-ASCII punctuation and control characters (see below) - The **macOS** platform version (**"osx" platform**) is not tested in a release build and should be considered pre-alpha with known issues: - `cordova prepare osx` is needed before building and running from Xcode - known issue between `cordova-osx` and Cordova CLI `10.0.0`: <https://github.com/apache/cordova-osx/issues/106> - Android platform version: - Android versions supported: _minimum is 4.4 (API level 19), see also:_ <https://cordova.apache.org/docs/en/latest/guide/platforms/android/> - SQLCipher for Android build uses the OpenSSL crypto library for encryption - Uses `androidx.sqlite` framework, requires AndroidX support to be enabled starting with cordova-android@9 ref: <https://cordova.apache.org/announcements/2020/06/29/cordova-android-9.0.0.html> - ICU case-insensitive matching and other Unicode string manipulations is no longer supported for Android. - iOS platform version: - iOS versions supported: 8.x / 9.x / 10.x / 11.x / 12.x (see [deviations section](#deviations) below for differences in case of WKWebView) - REGEXP is no longer supported for iOS. - The macOS platform version ("osx" platform) is not tested in a release build and should be considered pre-alpha. - FTS3, FTS4, and R-Tree are fully tested and supported for all target platforms in this version branch. - Default `PRAGMA journal_mode` setting - __tested__: `delete` on all platforms in this plugin version - AUTO-VACUUM is not enabled by default. If no form of `VACUUM` or `PRAGMA auto_vacuum` is used then sqlite will automatically reuse deleted data space for new data but the database file will never shrink. _For reference:_ - <http://www.sqlite.org/pragma.html#pragma_auto_vacuum> - [xpbrew/cordova-sqlite-storage#646](https://github.com/xpbrew/cordova-sqlite-storage/issues/646) - In case of memory issues please use smaller transactions (support of evcore & evplus enhancements with SQLCipher is for future consideration) - Pre-populatd DB is __not__ supported by this version. - Lawnchair adapter has __not__ been validated with this plugin version and is NOT guaranteed to work (see below).  ## Announcements - Using recent version of SQLCipher (see above) with window functions and some security updates ref: - [brodybits/cordova-sqlcipher-adapter#94](https://github.com/brodybits/cordova-sqlcipher-adapter/issues/94) - [xpbrew/cordova-sqlite-storage#895](https://github.com/xpbrew/cordova-sqlite-storage/issues/895) - [xpbrew/cordova-sqlite-storage#867](https://github.com/xpbrew/cordova-sqlite-storage/issues/867) - [xpbrew/cordova-sqlite-storage#837](https://github.com/xpbrew/cordova-sqlite-storage/issues/837) - Using `SQLITE_DEFAULT_SYNCHRONOUS=3` (EXTRA DURABLE) build setting to be extra robust against possible database corruption _on all platforms_ ref: [xpbrew/cordova-sqlite-storage#736](https://github.com/xpbrew/cordova-sqlite-storage/issues/736) - `SQLITE_DBCONFIG_DEFENSIVE` flag is used for extra SQL safety _on all platforms_, as described above - Recent build fixes: - Fixed iOS/macOS platform version to use *custom* version of [PSPDFThreadSafeMutableDictionary.m](https://gist.github.com/steipete/5928916) to avoid threading issue, custom version to avoid potential conflicts with custom iOS/macOS plugins ref: [xpbrew/cordova-sqlite-storage#716](https://github.com/xpbrew/cordova-sqlite-storage/issues/716), [xpbrew/cordova-sqlite-storage#861](https://github.com/xpbrew/cordova-sqlite-storage/issues/861) - workaround for redefinition of `SYNTAX_ERR` when using some other plugins ref: [xpbrew/cordova-sqlite-storage#868](https://github.com/xpbrew/cordova-sqlite-storage/issues/868) - Nice overview of cordova-sqlite-storage and other alternatives for storing local data (without SQLCipher) at: <https://www.sitepoint.com/storing-local-data-in-a-cordova-app/> - New alternative solution for small data storage (without SQLCipher): [TheCocoaProject/ cordova-plugin-nativestorage](https://github.com/TheCocoaProject/cordova-plugin-nativestorage) - simpler "native storage of variables" for Android/iOS/Windows - Resolved Java 6/7/8 concurrent map compatibility issue reported in [xpbrew/cordova-sqlite-storage#726](https://github.com/xpbrew/cordova-sqlite-storage/issues/726), THANKS to pointer by [@NeoLSN (Jason Yang/楊朝傑)](https://github.com/NeoLSN) in [xpbrew/cordova-sqlite-storage#727](https://github.com/xpbrew/cordova-sqlite-storage/issues/727). - Updated workaround solution to [BUG 666 (xpbrew/cordova-sqlite-storage#666)](https://github.com/xpbrew/cordova-sqlite-storage/issues/666) (possible transaction issue after window.location change with possible data loss): close database if already open before opening again - [`brodybits/cordova-sqlite-ext`](https://github.com/brodybits/cordova-sqlite-ext) _(without SQLCipher functionality)_ now supports SELECT BLOB data in Base64 format on all platforms in addition to REGEXP (Android/iOS/macOS) and pre-populated database (all platforms). - [brodybits / sql-promise-helper](https://github.com/brodybits/sql-promise-helper) provides a Promise-based API wrapper. - [nolanlawson / pouchdb-adapter-cordova-sqlite](https://github.com/nolanlawson/pouchdb-adapter-cordova-sqlite) supports this plugin along with other implementations such as [nolanlawson / sqlite-plugin-2](https://github.com/nolanlawson/sqlite-plugin-2) and [Microsoft / cordova-plugin-websql](https://github.com/Microsoft/cordova-plugin-websql). - macOS ("osx" platform) is now supported - New [litehelpers / Cordova-sqlite-evcore-extbuild-free](https://github.com/litehelpers/Cordova-sqlite-evcore-extbuild-free) plugin version (WITHOUT SQLCipher support) with Android JSON and SQL statement handling implemented in C, as well as support for PhoneGap Build, Intel XDK, etc. (GPL or commercial license terms). Handles large SQL batches in less than half the time as this plugin version. Also supports arbitrary database location on Android. FOR FUTURE CONSIDERATION: evcore version with SQLCipher supported may be added upon sufficient demand. - Published [brodybits / Cordova-quick-start-checklist](https://github.com/brodybits/Cordova-quick-start-checklist) and [brodybits / Avoiding-some-Cordova-pitfalls](https://github.com/brodybits/Avoiding-some-Cordova-pitfalls). - Self-test functions to verify proper installation and operation of this plugin - More explicit `openDatabase` and `deleteDatabase` `iosDatabaseLocation` option - Added straightforward sql batch function - PhoneGap Build is now supported through the npm package: http://phonegap.com/blog/2015/05/26/npm-plugins-available/ - [MetaMemoryT / websql-promise](https://github.com/MetaMemoryT/websql-promise) now provides a Promises-based interface to both (WebKit) Web SQL and this plugin  ## Highlights - This plugin version is built with [SQLCipher](https://www.zetetic.net/sqlcipher/) included. - Drop-in replacement for HTML5/[Web SQL (DRAFT) API](http://www.w3.org/TR/webdatabase/): the only change should be to replace the static `window.openDatabase()` factory call with `window.sqlitePlugin.openDatabase()`, with parameters as documented below. Known deviations are documented in the [deviations section](#deviations) below. - Failure-safe nested transactions with batch processing optimizations (according to HTML5/[Web SQL (DRAFT) API](http://www.w3.org/TR/webdatabase/)) - Transaction API (based on HTML5/[Web SQL (DRAFT) API](http://www.w3.org/TR/webdatabase/)) is designed for maximum flexiblibility, does not allow any transactions to be left hanging open. - As described in [this posting](http://brodyspark.blogspot.com/2012/12/cordovaphonegap-sqlite-plugins-offer.html): - Keeps sqlite database in known, platform specific user data location on all supported platforms (Android/iOS/macOS/...), which can be reconfigured on iOS/macOS. Whether or not the database on the iOS platform is synchronized to iCloud depends on the selected database location. - No arbitrary size limit. SQLite limits described at: <http://www.sqlite.org/limits.html> - Also validated for multi-page applications by internal test selfTest function. - This project is self-contained. There are no dependencies on other plugins such as cordova-plugin-file. - Windows platform version _(NOW DISABLED IN THIS PLUGIN VERSION)_ uses a customized version of the performant [doo / SQLite3-WinRT](https://github.com/doo/SQLite3-WinRT) C++ component. - Intellectual property: - All source code is tracked to the original author in git - Major authors are tracked in AUTHORS.md - License of each component is tracked in LICENSE.md - History of this project is also described in HISTORY.md **TIP:** It is possible to migrate from Cordova to a pure native solution and continue using the data stored by this plugin.  ## Getting started ### Recommended prerequisites - Install a recent version of Cordova CLI, create a simple app with no plugins, and run it on the desired target platforms. - Add a very simple plugin such as `cordova-plugin-dialogs` or an echo plugin and get it working. Ideally you should be able to handle a callback with some data coming from a prompt. These prereqisites are very well documented in a number of excellent resources including: - <http://cordova.apache.org/> (redirected from <http://cordova.io>) - <http://www.tutorialspoint.com/cordova/> - <https://ccoenraets.github.io/cordova-tutorial/> - <https://www.toptal.com/mobile/developing-mobile-applications-with-apache-cordova> - <http://www.tutorialspoint.com/cordova/index.htm> More resources can be found by <https://www.google.com/search?q=cordova+tutorial>. There are even some tutorials available on YouTube as well. In addition, this guide assumes a basic knowledge of some key JavaScript concepts such as variables, function calls, and callback functions. There is an excellent explanation of JavaScript callbacks at <http://cwbuecheler.com/web/tutorials/2013/javascript-callbacks/>. **MAJOR TIPS:** As described in the [Installing](#installing) section: - In case of extra-old Cordova CLI pre-7.0, it is recommended to use the `--save` flag when installing plugins to add them to `config.xml` / `package.json`. (This is automatic starting with Cordova CLI 7.0.) - Assuming that all plugins are added to `config.xml` or `package.json`, there is no need to commit the `plugins` subdirectory tree into the source repository. - In general it is *not* recommended to commit the `platforms` subdirectory tree into the source repository. **NOTICE:** This plugin is only supported with the Cordova CLI. This plugin is *not* supported with other Cordova/PhoneGap systems such as PhoneGap CLI, PhoneGap Build, Plugman, Intel XDK, Webstorm, etc.   ### Quick installation Use the following command to install this plugin version from the Cordova CLI: ```shell cordova plugin add cordova-sqlcipher-adapter # --save RECOMMENDED for Cordova CLI pre-7.0 ``` Add any desired platform(s) if not already present, for example: ```shell cordova platform add android ``` **OPTIONAL:** prepare before building (**MANDATORY** for cordova-ios older than `4.3.0` (Cordova CLI `6.4.0`)) ```shell cordova prepare ``` or to prepare for a single platform, Android for example: ```shell cordova prepare android ``` Please see the [Installing](#installing) section for more details. **NOTE:** The new [brodybits / cordova-sqlite-test-app](https://github.com/brodybits/cordova-sqlite-test-app) project includes the echo test, self test, and string test described below along with some more sample functions.  ### Self test Try the following programs to verify successful installation and operation: **Echo test** - verify successful installation and build: ```js document.addEventListener('deviceready', function() { window.sqlitePlugin.echoTest(function() { console.log('ECHO test OK'); }); }); ``` **Self test** - automatically verify basic database access operations including opening a database; basic CRUD operations (create data in a table, read the data from the table, update the data, and delete the data); close and delete the database: ```js document.addEventListener('deviceready', function() { window.sqlitePlugin.selfTest(function() { console.log('SELF test OK'); }); }); ``` **NOTE:** It may be easier to use a JavaScript or native `alert` function call along with (or instead of) `console.log` to verify that the installation passes both tests. Same for the SQL string test variations below. (Note that the Windows platform does not support the standard `alert` function, please use `cordova-plugin-dialogs` instead.) ### SQL string test This test verifies that you can open a database, execute a basic SQL statement, and get the results (should be `TEST STRING`): ```js document.addEventListener('deviceready', function() { var db = window.sqlitePlugin.openDatabase({name: 'test.db', key: 'user-password', location: 'default'}); db.transaction(function(tr) { tr.executeSql("SELECT upper('Test string') AS upperString", [], function(tr, rs) { console.log('Got upperString result: ' + rs.rows.item(0).upperString); }); }); }); ``` Here is a variation that uses a SQL parameter instead of a string literal: ```js document.addEventListener('deviceready', function() { var db = window.sqlitePlugin.openDatabase({name: 'test.db', key: 'user-password', location: 'default'}); db.transaction(function(tr) { tr.executeSql('SELECT upper(?) AS upperString', ['Test string'], function(tr, rs) { console.log('Got upperString result: ' + rs.rows.item(0).upperString); }); }); }); ``` ### Moving forward It is recommended to read through the [usage](#usage) and [sample](#sample) sections before building more complex applications. In general it is recommended to start by doing things one step at a time, especially when an application does not work as expected. The new [brodybits / cordova-sqlite-test-app](https://github.com/brodybits/cordova-sqlite-test-app) sample is intended to be a boilerplate to reproduce and demonstrate any issues you may have with this plugin. You may also use it as a starting point to build a new app. In case you get stuck with something please read through the [support](#support) section and follow the instructions before raising an issue. Professional support is also available by contacting: <sales@xpbrew.consulting> ### Plugin usage examples and tutorials **Simple example:** FUTURE TODO (WANTED): samples using this plugin version (with encryption) **WITHOUT SQLCIPHER:** - [brodybits / cordova-sqlite-storage-starter-app](https://github.com/brodybits/cordova-sqlite-storage-starter-app) (using `cordova-sqlite-storage` plugin version) **Tutorials:** FUTURE TODO (WANTED): tutorials using this plugin version (with encryption) **WITHOUT SQLCIPHER:** - <https://codesundar.com/cordova-sqlite-storage/> (using `cordova-sqlite-storage` plugin version with JQuery) **PITFALL WARNING:** A number of tutorials show up in search results that use Web SQL database instead of this plugin. WANTED: simple, working CRUD tutorial sample ref: [xpbrew/cordova-sqlite-storage#795](https://github.com/xpbrew/cordova-sqlite-storage/issues/795) ### SQLite resources - <http://www.tutorialspoint.com/sqlite/index.htm> with a number of helpful articles ### Some other Cordova resources - <http://www.tutorialspoint.com/cordova/cordova_file_system.htm>  ## Some apps using Cordova SQLCipher adapter plugin version TBD *YOUR APP HERE*  ## Security ### Security of sensitive data According to [Web SQL Database API 7.2 Sensitivity of data](https://www.w3.org/TR/webdatabase/#sensitivity-of-data): >User agents should treat persistently stored data as potentially sensitive; it's quite possible for e-mails, calendar appointments, health records, or other confidential documents to be stored in this mechanism. > >To this end, user agents should ensure that when deleting data, it is promptly deleted from the underlying storage. Unfortunately this plugin will not actually overwrite the deleted content unless the [secure_delete PRAGMA](https://www.sqlite.org/pragma.html#pragma_secure_delete) is used. ### SQL injection As "strongly recommended" by [Web SQL Database API 8.5 SQL injection](https://www.w3.org/TR/webdatabase/#sql-injection): >Authors are strongly recommended to make use of the `?` placeholder feature of the `executeSql()` method, and to never construct SQL statements on the fly.  # Avoiding data loss - Double-check that the application code follows the documented API for SQL statements, parameter values, success callbacks, and error callbacks. - For standard Web SQL transactions include a transaction error callback with the proper logic that indicates to the user if data cannot be stored for any reason. In case of individual SQL error handlers be sure to indicate to the user if there is any issue with storing data. - For single statement and batch transactions include an error callback with logic that indicates to the user if data cannot be stored for any reason.  ## Deviations ### Some known deviations from the Web SQL database standard - The `window.sqlitePlugin.openDatabase` static factory call takes a different set of parameters than the standard Web SQL `window.openDatabase` static factory call. In case you have to use existing Web SQL code with no modifications please see the **Web SQL replacement tip** below. - This plugin does *not* support the database creation callback or standard database versions. Please read the **Database schema versions** section below for tips on how to support database schema versioning. - This plugin does *not* support the synchronous Web SQL interfaces. - Known issues with handling of certain ASCII/UNICODE characters as described below. - It is possible to request a SQL statement list such as "SELECT 1; SELECT 2" within a single SQL statement string, however the plugin will only execute the first statement and silently ignore the others ref: [xpbrew/cordova-sqlite-storage#551](https://github.com/xpbrew/cordova-sqlite-storage/issues/551) - It is possible to insert multiple rows like: `transaction.executeSql('INSERT INTO MyTable VALUES (?,?),(?,?)', ['Alice', 101, 'Betty', 102]);` which was not supported by SQLite 3.6.19 as referenced by [Web SQL (DRAFT) API section 5](https://www.w3.org/TR/webdatabase/#web-sql). The iOS WebKit Web SQL implementation seems to support this as well. - Unlike the HTML5/[Web SQL (DRAFT) API](http://www.w3.org/TR/webdatabase/) this plugin handles executeSql calls with too few parameters without error reporting. In case of too many parameters this plugin reports error code 0 (SQLError.UNKNOWN_ERR) while Android/iOS (WebKit) Web SQL correctly reports error code 5 (SQLError.SYNTAX_ERR) ref: https://www.w3.org/TR/webdatabase/#dom-sqlexception-code-syntax - Positive and negative `Infinity` SQL parameter argument values are treated like `null` by this plugin on Android and iOS ref: [xpbrew/cordova-sqlite-storage#405](https://github.com/xpbrew/cordova-sqlite-storage/issues/405) - Positive and negative `Infinity` result values cause a crash on iOS/macOS cases ref: [xpbrew/cordova-sqlite-storage#405](https://github.com/xpbrew/cordova-sqlite-storage/issues/405) - Known issue(s) with of certain ASCII/UNICODE characters as described below. - Boolean `true` and `false` values are handled by converting them to the "true" and "false" TEXT string values, same as WebKit Web SQL on Android and iOS. This does not seem to be 100% correct as discussed in: [xpbrew/cordova-sqlite-storage#545](https://github.com/xpbrew/cordova-sqlite-storage/issues/545) - A number of uncategorized errors such as CREATE VIRTUAL TABLE USING bogus module are reported with error code 5 (SQLError.SYNTAX_ERR) on Android/iOS/macOS by both (WebKit) Web SQL and this plugin. - Error is reported with error code of `0` _on Android and disabled Windows platforms_ - In case of an issue that causes an API function to throw an exception (Android/iOS WebKit) Web SQL includes includes a code member with value of 0 (SQLError.UNKNOWN_ERR) in the exception while the plugin includes no such code member. - This plugin supports some non-standard features as documented below. - Results of SELECT with BLOB data such as `SELECT LOWER(X'40414243') AS myresult`, `SELECT X'40414243' AS myresult`, or reading data stored by `INSERT INTO MyTable VALUES (X'40414243')` are not consistent on Android or Windows. (These work with Android/iOS WebKit Web SQL and have been supported by SQLite for a number of years.) - Whole number parameter argument values such as `42`, `-101`, or `1234567890123` are handled as INTEGER values by this plugin on Android, iOS (default UIWebView), and Windows while they are handled as REAL values by (WebKit) Web SQL and by this plugin on iOS with WKWebView (using cordova-plugin-wkwebview-engine) or macOS ("osx"). This is evident in certain test operations such as `SELECT ? as myresult` or `SELECT TYPEOF(?) as myresult` and storage in a field with TEXT affinity. - INTEGER, REAL, +/- `Infinity`, `NaN`, `null`, `undefined` parameter argument values are handled as TEXT string values on Android. (This is evident in certain test operations such as `SELECT ? as myresult` or `SELECT TYPEOF(?) as myresult` and storage in a field with TEXT affinity.) - In case of invalid transaction callback arguments such as string values the plugin attempts to execute the transaction while (WebKit) Web SQL would throw an exception. - The plugin handles invalid SQL arguments array values such as `false`, `true`, or a string as if there were no arguments while (WebKit) Web SQL would throw an exception. NOTE: In case of a function in place of the SQL arguments array WebKit Web SQL would report a transaction error while the plugin would simply ignore the function. - In case of invalid SQL callback arguments such as string values the plugin may execute the SQL and signal transaction success or failure while (WebKit) Web SQL would throw an exception. - In certain cases such as `transaction.executeSql(null)` or `transaction.executeSql(undefined)` the plugin throws an exception while (WebKit) Web SQL indicates a transaction failure. - In certain cases such as `transaction.executeSql()` with no arguments (Android/iOS WebKit) Web SQL includes includes a code member with value of 0 (SQLError.UNKNOWN_ERR) in the exception while the plugin includes no such code member. - If the SQL arguments are passed in an `Array` subclass object where the `constructor` does not point to `Array` then the SQL arguments are ignored by the plugin. - The results data objects are not immutable as specified/implied by [Web SQL (DRAFT) API section 4.5](https://www.w3.org/TR/webdatabase/#database-query-results). - This plugin version provides encryption which is NOT covered by the HTML5/[Web SQL API](http://www.w3.org/TR/webdatabase/). - This plugin supports use of numbered parameters (`?1`, `?2`, etc.) as documented in <https://www.sqlite.org/c3ref/bind_blob.html>, not supported by HTML5/[Web SQL (DRAFT) API](http://www.w3.org/TR/webdatabase/) ref: [Web SQL (DRAFT) API section 4.2](https://www.w3.org/TR/webdatabase/#parsing-and-processing-sql-statements). - In case of UPDATE this plugin reports `insertId` with the result of `sqlite3_last_insert_rowid()` _on iOS, macOS, and disabled Windows platforms_ while attempt to access `insertId` on the result set database opened by HTML5/[Web SQL (DRAFT) API](http://www.w3.org/TR/webdatabase/) results in an exception. ### Security of deleted data See **Security of sensitive data** in the [Security](#security) section above. ### Other differences with WebKit Web SQL implementations - FTS3 is not consistently supported by (WebKit) Web SQL on Android/iOS. - FTS4 and R-Tree are not consistently supported by (WebKit) Web SQL on Android/iOS or desktop browser. - In case of ignored INSERT OR IGNORE statement WebKit Web SQL (Android/iOS) reports insertId with an old INSERT row id value while the plugin reports insertId: undefined. - In case of a SQL error handler that does not recover the transaction, WebKit Web SQL (Android/iOS) would incorrectly report error code 0 while the plugin would report the same error code as in the SQL error handler. (In case of an error with no SQL error handler then Android/iOS WebKit Web SQL would report the same error code that would have been reported in the SQL error hander.) - In case a transaction function throws an exception, the message and code if present are reported by the plugin but *not* by (WebKit) Web SQL. - Inconsistent error message formatting on Android (using custom build of [`sqlcipher/android-database-sqlcipher`](https://github.com/sqlcipher/android-database-sqlcipher)) ([brodybits/cordova-sqlcipher-adapter#95](https://github.com/brodybits/cordova-sqlcipher-adapter/issues/95)), for example: `incomplete input: , while compiling: INSERT INTO test_table .data. VALUES` - SQL error messages are inconsistent on Windows. - There are some other differences in the SQL error messages reported by WebKit Web SQL and this plugin. NOTE that unlike the android.database.sqlite implementation on Android 4.x(+) SQLCipher for Android does not seem to include the error code in most of the error message.  ## Known issues - The iOS/macOS platform versions do not support certain rapidly repeated open-and-close or open-and-delete test scenarios due to how the implementation handles background processing - Cannot read encrypted database with CORRECT password directly after attempt to open with INCORRECT password ref: [litehelpers/Cordova-sqlcipher-adapter#43](https://github.com/litehelpers/Cordova-sqlcipher-adapter/issues/43) - It is possible to request a SQL statement list such as "SELECT 1; SELECT 2" within a single SQL statement string, however the plugin will only execute the first statement and silently ignore the others ref: [xpbrew/cordova-sqlite-storage#551](https://github.com/xpbrew/cordova-sqlite-storage/issues/551) - Execution of INSERT statement that affects multiple rows (due to SELECT cause or using TRIGGER(s), for example) reports incorrect rowsAffected _on Android_. - Memory issue observed when adding a large number of records due to the JSON implementation which is improved in [litehelpers / Cordova-sqlite-evcore-extbuild-free](https://github.com/litehelpers/Cordova-sqlite-evcore-extbuild-free) (GPL or commercial license terms) - Infinity (positive or negative) values are not supported on Android/iOS/macOS due to issues described above including a possible crash on iOS/macOS ref: [xpbrew/cordova-sqlite-storage#405](https://github.com/xpbrew/cordova-sqlite-storage/issues/405) - A stability issue was reported on the iOS platform version when in use together with [SockJS](http://sockjs.org/) client such as [pusher-js](https://github.com/pusher/pusher-js) at the same time (see [xpbrew/cordova-sqlite-storage#196](https://github.com/xpbrew/cordova-sqlite-storage/issues/196)). The workaround is to call sqlite functions and [SockJS](http://sockjs.org/) client functions in separate ticks (using setTimeout with 0 timeout). - SQL errors are reported with incorrect & inconsistent error message on Windows - missing actual error info ref: [xpbrew/cordova-sqlite-storage#539](https://github.com/xpbrew/cordova-sqlite-storage/issues/539). - Close/delete database bugs described below. - When a database is opened and deleted without closing, the iOS/macOS platform version is known to leak resources. - It is NOT possible to open multiple databases with the same name but in different locations (iOS/macOS platform version). _Some additional issues are tracked in [open cordova-sqlite-storage bug-general issues](https://github.com/xpbrew/cordova-sqlite-storage/issues?q=is%3Aissue+is%3Aopen+label%3Abug-general) and [open Cordova-sqlcipher-adapter bug-general issues](https://github.com/litehelpers/Cordova-sqlcipher-adapter/issues?q=is%3Aissue+is%3Aopen+label%3Abug-general)._  ## Other limitations - ~~The db version, display name, and size parameter values are not supported and will be ignored.~~ (No longer supported by the API) - Absolute and relative subdirectory path(s) are not tested or supported. - This plugin will not work before the callback for the 'deviceready' event has been fired, as described in **U