Secure Solution: Do not store a hashed password on the disk.

Steps:

1. Have the user input a password at runtime for the database.
2. Hash the password. (use SHA-256)
3. Use the hash to derive a symmetric 256-bit key. (or use hash directly as the key)
4. Use the 256-bit key to encrypt/decrypt the database file on the disk. (use AES algorithm)

Pro: Database encryption key is generated at run-time and never stored on the disk (only in memory).

Con: Encryption and key derivation becomes implementation specific and time consuming to implement.

You get to decide whether the required security for the application is worth the time to implement the security protocols correctly.

PS: This is the general way to securely password protect a file on disk, and the database is just a file.

You correctly identified that storing the hash anywhere on the disk makes the password vulnerable to attacks such as breaching file access control, known cypher-text attacks, or chosen cypher-text attacks.

Security Solution: Do not store a hashed password on the disk.

Since your database is just a file we can use the general way to securely password protect a file on disk.

Algorithm To Securely Password Protect A File:

1. Have the user input a password at runtime for the file. (database in your case)
2. Hash the password. (I'd use SHA-256)
3. Use the hash to derive a symmetric 256-bit key. (I'd use hash directly as the key)
4. Use the 256-bit key to encrypt/decrypt the database file on the disk. (I'd use the AES algorithm)

Major Pro: Database encryption key is generated at run-time and never stored on the disk.

Minor Con: Encryption and key derivation becomes implementation specific and laborous to implement.

You get to decide whether the required security for the application is worth the time to implement the security protocols correctly.

Secure Solution: Do not store a hashed password on the disk.

Steps:

1. Have the user input a password at runtime for the database.
2. Hash the password. (use SHA-256)
3. Use the hash to derive a symmetric 256-bit key. (or use hash directly as the key)
4. Use the 256-bit key to encrypt/decrypt the database file on the disk. (use AES algorithm)

Pro: Database encryption key is generated at run-time and never stored on the disk (only in memory).

Con: Encryption and key derivation becomes implementation specific and time consuming to implement.

You get to decide whether the required security for the application is worth the time to implement the security protocols correctly.

Secure Solution: Do not store a hashed password on the disk.

Steps:

1. Have the user input a password at runtime for the database.
2. Hash the password. (use SHA-256)
3. Use the hash to derive a symmetric 256-bit key. (or use hash directly as the key)
4. Use the 256-bit key to encrypt/decrypt the database file on the disk. (use AES algorithm)

Pro: Database encryption key is generated at run-time and never stored on the disk (only in memory).

Con: Encryption and key derivation becomes implementation specific and time consuming to implement.

You get to decide whether the required security for the application is worth the time to implement the security protocols correctly.

PS: This is the general way to securely password protect a file on disk, and the database is just a file.