
Why do you need this built into your database?

Surely you turn on disk encryption on your drive; then if an attacker yanks the drive and tries to read your database without your password, they fail?




This is very useful, for example, when you ship your application to the client(s) with SQLite as the main conf/data storage. You don't have to think about whether their drives are encrypted. Also, it assures the clients that all the data in your application is encrypted by default.


Where are the encryption keys stored? Does the client have to type in a password every time?

Userspace encryption of user data has been almost universally rejected because there's no reasonable attack on it - Any attacker that has access to the data also has access to the encryption key.


> Where are the encryption keys stored? Does the client have to type in a password every time?

It depends on the use case. Typing a password to unlock the database when the app is started is a popular approach (e.g., keepassx does this), but you can also hardcode/obfuscate it, fetch it remotely, etc.

> Userspace encryption of user data has been almost universally rejected

Any kind of encryption is better than none. However, an encrypted drive will add zero value if your data and OS can be accessed remotely.


> Userspace encryption of user data has been almost universally rejected because there's no reasonable attack on it - Any attacker that has access to the data also has access to the encryption key.

So don't you mean there's no reasonable defense against an attack on it? If the "attack" is to just decrypt it with the decryption key the attacker also finds, that seems very reasonable. :-)


I don't know if that's his use case, but we had many users tell us they share their account with other users so they want the data to be encrypted even when logged in.

Of course if they share their computer, someone could install a keylogger and wait for them to type their passwords, but I guess that's an extra layer of security that may help a bit.


Data is stolen much more often by copying it instead of yanking the drive out.



