On 22 Apr 2015, at 4:46pm, Michael Stephenson <domehead100 at gmail.com> wrote:

> Simon, if the data in the database is sensitive, could you encrypt the 
> database (à la something like https://www.zetetic.net/sqlcipher/)?  

Unfortunately, this doesn't help.  I'm not concerned with the database file 
itself.  I know exactly what that's called, and I can check it has been 
correctly deleted.  I'm concerned with the data in several external files that 
SQLite creates and deletes as it does its work.  Some of those would contain 
unencrypted data.  And some of them have unpredictable names, or, at least 
since the filenames are not documented they may change in future versions of 
SQLite.

You have made me realise, however, that a nice attack against encrypted SQLite 
databases might be to crash a SQLite application while it's processing and 
examine any journal files, shared memory file and temporary index files.  It 
might be interesting to review the various encryption systems widely available 
for SQLite and figure out which of them would be vulnerable to such an attack.

By the way, if you want good (paid, not free) SQLite encryption you want to 
check out

<http://www.hwaci.com/sw/sqlite/see.html>

Simon.
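
The concern in the message above can be checked against your own application. The following is an added example, not part of the original message or of SQLite's own code. It writes a constructed marker value and reports which of the documented sidecar files (`-journal`, `-wal`, `-shm`) exist beside the database and contain that marker in plaintext. The function names, the marker and the file name `audit.db` are hypothetical, and it does not cover temporary files with undocumented names.

```python
import os
import sqlite3
import tempfile

# Documented sidecar suffixes SQLite appends to the database file name.
SIDECAR_SUFFIXES = ("-journal", "-wal", "-shm")
MARKER = b"CONSTRUCTED-SECRET-0001"  # constructed sample value, not real data


def sidecars_with_marker(db_path, marker=MARKER):
    """Map each existing sidecar suffix to True if it holds the marker bytes."""
    found = {}
    for suffix in SIDECAR_SUFFIXES:
        path = db_path + suffix
        if os.path.exists(path):
            with open(path, "rb") as fh:
                found[suffix] = marker in fh.read()
    return found


def audit(journal_mode):
    """Commit one marker row under journal_mode ("WAL" or "MEMORY") and
    inspect the sidecar files while the connection is still open, which is
    the on-disk state a crash at that moment would leave behind."""
    with tempfile.TemporaryDirectory() as workdir:
        db_path = os.path.join(workdir, "audit.db")  # hypothetical name
        con = sqlite3.connect(db_path)
        try:
            # journal_mode comes from the fixed values above, not user input.
            con.execute(f"PRAGMA journal_mode={journal_mode}")
            # Keep temporary tables and indices in memory, not in temp files.
            con.execute("PRAGMA temp_store=MEMORY")
            con.execute("CREATE TABLE t(v TEXT)")
            con.execute("INSERT INTO t VALUES (?)", (MARKER.decode(),))
            con.commit()
            return sidecars_with_marker(db_path)
        finally:
            con.close()


if __name__ == "__main__":
    for mode in ("WAL", "MEMORY"):
        print(mode, audit(mode))
```

`journal_mode=MEMORY` keeps the rollback journal off disk, but a crash in the middle of a transaction can then leave the database file corrupt, so it trades recoverability for less residue.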
