sqlbox is an open source C/C++ secure database access library at this time limited to sqlite3 databases. (postgresql is in the planning phase.) Instead of operating databases in-process, sqlbox uses a multi-process, resource-separated approach to safe-guard the database from the calling application.

some features…

sqlbox is designed to update ksql with higher performance and a simpler implementation. The library is well-documented and has all of its behaviour checked with a large set of regression tests. It may be run on any modern UNIX. It is a project.

latest release…


You'll need any modern UNIX system with the sqlite3 library already installed. (Tested on FreeBSD, Linux, OpenBSD; built on OpenBSD.) I strongly suggest using OpenBSD as it provides the pledge facility. Other systems, such as Linux or FreeBSD, are more difficult (hugely so, in the former case) to configure securely. Start by checking that your system's third-party packages system doesn't already have sqlbox. If it does not, proceed.

Download either the latest release (sqlbox.tar.gz | sha512) or the current sources from the GitHub repository.

  1. Download and verify the newest release (if not from the source repository).
    sha512 -C sqlbox.tar.gz.sh512 sqlbox.tar.gz
    tar zvxpf sqlbox.tar.gz
  2. Configure for your system and install destination, compile, install. The default is /usr/local.
    make install
    You may need to run this with BSD make (bmake) on non-BSD systems. You shouldn't need to pass any arguments to configure.

That's it! The manpages are the canonical source of information on this library. Start with sqlbox(3).


The purpose of sqlbox is to provide security to your data from your application: both from programming errors and compromise. Its security principles are as follows:

It effects this by forked a database management process with pre-set database names and statements. Once forked, the names and statements are inherited and can no longer be changed. Communication with the database is via tightly-controlled socket IPC with the control process. Requests for statements are by identifier, not strings.

operation of sqlbox
Not only does this protect the database itself, it also allows fine-grained access controls and other operations opaque to the caller.

When the caller uses a constraint mechanism such as pledge, it makes the database completely inaccessable except via controlled IPC.

This security is built to enforce a role-based access control system, which is useful when a single application has several different roles of operation (e.g., users, administration, analysis). This is enforced within the management process, so a compromised application cannot change its own role except within the transition matrix set during creation. The management process also provides opaque anonymisation of data, which is especially useful for analysis when database information may contain identity information.


The following are a series of performance measurements between raw sqlite3 databases. using the C/C++ API, ksql, and sqlbox. For consistency, all databases in the performance analysis are opened as :memory:.

sqlbox tries to minimise the amount of system calls used to exchange data, and minimise even further instances of synchronous communication where the client requests then waits for data.

performance metric 1
A full cycle of opening a database, creating a table, and inserting a single row of data (four integers, to be precise). This is re-run for the number of iterations on the x-axis. Since these operations use asynchronous sqlbox, the performance penalty is only for interprocess communication.
performance metric 2
A series of statement preparations, binding parameters to the query, and executing the query. The step function is synchronous and constitutes the majority of the delay in the sqlbox case.
performance metric 3
This prepares then, in a loop, rebinds and steps a statement. The step function, again, is synchronous and constitutes the majority of overhead.
performance metric 4
This showcases how quickly selection occurs with sqlbox's multiple-select option, where rows are cached ahead of time by the server and returned quickly to the client.

In general, the slowness of ksql is that each operation involves a synchronous read and write between server and client. In sqlbox, there are asynchronous versions of most functions to significantly reduce contention. Moreover, the wire format is optimised for one unfragmented read (or write) in the general case.


The canonical documentation for using sqlbox is its manpages. Below is a list of all bundled manuals. These apply to the current version of this software, which is 0.1.13.

This library makes use of pkg-config, so testing for installation, compile and link flags, etc., are all accomplished using that way.