It sounds like you've got a way forward on leaks via the malloc() system within the process space.
Be aware that depending on your system (and the attackers' capabilities), you might have to worry about other leaks. For instance, if I did a query that involved a FLOAT index, and then closed the sqlite session and cleared the zero-malloc block, it wouldn't be at all surprising if some float values related to database contents, or to my query, were still in 1) The region of the C process stack that was reached by some deep call stack. 2) Processor registers. 3) Process pages that were copied to disk by the OS (this could be a problem even if you otherwise have a good handle on clearing malloc() blocks). Regards, Bill -----Original Message----- From: Max Vlasov [mailto:max.vla...@gmail.com] Subject: [sqlite] Best way to wipe out data of a closed database Hi, in an application that implements encryption/decryption with VFS, what is the best way to ensure that the memory of the application doesn't contain decrypted data after the database is closed. So no side application could retrieve sensitive information by reading this process memory. Not only the base as a whole but also fragments of database sectors anywhere in the process memory space. One of the trick possible is to add additional zeroing out to the global free handler, but this can probably introduce performance penalties. Is there any other way to do this? Thanks, Max ************************************************************************************** This e-mail and any attachments thereto may contain confidential information and/or information protected by intellectual property rights for the exclusive attention of the intended addressees named above. If you have received this transmission in error, please immediately notify the sender by return e-mail and delete this message and its attachments. Unauthorized use, copying or further full or partial distribution of this e-mail or its contents is prohibited. ************************************************************************************** _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
