Simon, if the data in the database is sensitive, could you encrypt the database (ala something like https://www.zetetic.net/sqlcipher/)?
That way if the file is left around for some reason, it's much less of a concern. Your app could generate a new (random) key each time it creates a new database. When the program exits, the key is not saved anywhere so getting at the data means breaking the encryption if the file is left hanging around for some reason. If sqlcipher itself is not that palatable or won't work on your mystery OS, it's pretty easy to write your own pager-based encryption based on the hooks that are provided when SQLITE_HAS_CODEC is defined. I did something like this. I got started by diffing the sqlite source with the sqlcipher source which showed me what they had done. I wasn't pleased that sqlcipher linked in the full OpenSSL library due mostly to the size (around 500K packed) and complexity, neither of which I needed. It was pretty easy to just create my own encryption based on the same general approach as sqlcipher and used OpenSSL's AES implementation directly for the encryption and decryption. Using the optimized ASM version of the OpenSSL AES code, all of this came in at around 10K packed (including some small libs for key derivation, HMAC, etc.) and the performance is almost identical to plain vanilla sqlite. -----Original Message----- From: sqlite-users-bounces at mailinglists.sqlite.org [mailto:sqlite-users-boun...@mailinglists.sqlite.org] On Behalf Of John McKown Sent: Wednesday, April 22, 2015 11:12 AM To: General Discussion of SQLite Database Subject: Re: [sqlite] Destroy all evidence of a database On Wed, Apr 22, 2015 at 9:34 AM, Simon Slavin <slavins at bigfraud.org> wrote: > > On 22 Apr 2015, at 3:23pm, John McKown <john.archie.mckown at gmail.com> > wrote: > > > If it is > > a POSIX compliant, perhaps what you could do is create a "temporary" > > (mktemp) file of "appropriate" size. > > I had never considered that idea. Thank you very much. Unfortunately > it won't work in this situation because the people in control of the > system would either say "No virtual file systems" or leap at the idea > and insist that everyone uses virtual encrypted file systems for all > data files at all times. I'm not sure which would be worse. > > ?Oh, my condolences. I've had that type of management too. If a teaspoon of medicine is good, then a tablespoon is better, but let's just take the entire bottle and be done with it.? -- If you sent twitter messages while exploring, are you on a textpedition? He's about as useful as a wax frying pan. 10 to the 12th power microphones = 1 Megaphone Maranatha! <>< John McKown _______________________________________________ sqlite-users mailing list sqlite-users at mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users --- This email has been checked for viruses by Avast antivirus software. http://www.avast.com
