On 2015-04-22 05:56 PM, Simon Slavin wrote: > On 22 Apr 2015, at 4:46pm, Michael Stephenson <domehead100 at gmail.com> > wrote: > >> Simon, if the data in the database is sensitive, could you encrypt the >> database (ala something like https://www.zetetic.net/sqlcipher/)? > Unfortunately, this doesn't help. I'm not concerned with the database file > itself. I know exactly what that's called, and I can check it has been > correctly deleted. I'm concerned with the data in several external files > that SQLite creates and deletes as it does its work. Some of those would > contain unencrypted data. And some of them have unpredictable names, or, at > least since the filenames are not documented they may change in future > versions of SQLite. > > You have made me realise, however, that a nice attack against encrypted > SQLite databases might be to crash a SQLite application while it's processing > and examine any journal files, shared memory file and temporary index files. > It might be interesting to review the various encryption systems widely > available for SQLite and figure out which of them would be vulnerable to such > an attack.
I've experienced some things you may need to take note of. I've had SQLite files created and amended on a Windows system with an anti-virus that held on to the journal files making them either read-only or not-deletable. (I did not check nor cared which, my solution was to remove the anti-virus). The point is that when this happened, SQLite made duplicate/alternate journal files with what seemed to be random hashes in the name near the end. (Who knows if they were random, hashes all look random). These files were often empty (0-byte-length) after a session but whatever writings went on in there certainly still reflected on the disk surface. Maybe a dev can shed more light - I do not know the mechanism for this - but I do know it was easy to find and remove them for me, they always had the same base name as the DB file with some extra bits (what seemed like a hash) sprinkled on at the end and terminating in the usual journal extensions. This was not a great concern for me so my observations/research is full of holes and unknowns, but I know that it happened. Good luck. Ryan
