On 6 Dec 2013, at 3:31am, Stephen Chrzanowski <pontia...@gmail.com> wrote:
> It was mentioned in another thread, of this exact subject (I think this is > the third thread?) that the package/sandbox idea won't work due to certain > constraints the OS puts on the file. On one hand, you can't keep a database file inside the app's package itself and write to it, because an App isn't expected to write to itself (common technique for a malware app hiding what it really is: when you run it it downloads the malware code from a server, writes that code to itself then restarts itself). It would work fine with a read-only database, but this thread is about corruption due to writing journal files. On the second hard, you can make a package anywhere. Including but not limited to the user's Documents folder, and the folder where an application is expected to keep its own data files. On the gripping hand, there's nothing particularly secure about packages. The Finder allows a user to look inside a package easily, and if that user has enough privileges they can move one file out of the package and leave the rest there. Keeping a database file inside a package is one additional layer of resistance against malicious corruption, but it's a very thin layer. The conclusion (though not 100% of the reasoning) of the rest of your post I agree with: this is not an issue which can or should be dealt with inside SQLite. Simon. _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
