Actually, I assumed SQLite made the duplicates / alternates, it may well 
have been the anti-virus doing it. I doubt anything else had a motive 
though.

On 2015-04-22 06:20 PM, R.Smith wrote:
>
>
> On 2015-04-22 05:56 PM, Simon Slavin wrote:
>> On 22 Apr 2015, at 4:46pm, Michael Stephenson <domehead100 at gmail.com> 
>> wrote:
>>
>>> Simon, if the data in the database is sensitive, could you encrypt 
>>> the database (ala something like https://www.zetetic.net/sqlcipher/)?
>> Unfortunately, this doesn't help.  I'm not concerned with the 
>> database file itself.  I know exactly what that's called, and I can 
>> check it has been correctly deleted.  I'm concerned with the data in 
>> several external files that SQLite creates and deletes as it does its 
>> work.  Some of those would contain unencrypted data.  And some of 
>> them have unpredictable names, or, at least since the filenames are 
>> not documented they may change in future versions of SQLite.
>>
>> You have made me realise, however, that a nice attack against 
>> encrypted SQLite databases might be to crash a SQLite application 
>> while it's processing and examine any journal files, shared memory 
>> file and temporary index files.  It might be interesting to review 
>> the various encryption systems widely available for SQLite and figure 
>> out which of them would be vulnerable to such an attack.
>
> I've experienced some things you may need to take note of. I've had 
> SQLite files created and amended on a Windows system with an 
> anti-virus that held on to the journal files making them either 
> read-only or not-deletable. (I did not check nor cared which, my 
> solution was to remove the anti-virus).  The point is that when this 
> happened, SQLite made duplicate/alternate journal files with what 
> seemed to be random hashes in the name near the end. (Who knows if 
> they were random, hashes all look random).
>
> These files were often empty (0-byte-length) after a session but 
> whatever writings went on in there certainly still reflected on the 
> disk surface.
>
> Maybe a dev can shed more light - I do not know the mechanism for this 
> - but I do know it was easy to find and remove them for me, they 
> always had the same base name as the DB file with some extra bits 
> (what seemed like a hash) sprinkled on at the end and terminating in 
> the usual journal extensions.
>
> This was not a great concern for me so my observations/research is 
> full of holes and unknowns, but I know that it happened.
>
> Good luck.
> Ryan
>
> _______________________________________________
> sqlite-users mailing list
> sqlite-users at mailinglists.sqlite.org
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Reply via email to