On 22 Apr 2015, at 7:18pm, Scott Hess <shess at google.com> wrote: > The only way SQLite can get to the disk is using the vfs, so if the > vfs encrypts things, all of the files (main db, temp db, journal, > everything) will be encrypted.
Guys. Guys. Guys. My app doesn't have access to any level below standard file system calls. This is a highly secure system. Any calls which talk directly to hardware (e.g. turn the caps lock light on, access SMART diagnostics, try to count the number of displays) will fail because my app isn't allowed to do that stuff. Any attempt from my app to mount anything will fail. My app has access to just GUI and files. I don't have to worry about the security setup at OS level, merely not leave files about with sensitive information in them. I know a lot about computer security -- problems with drivers and caching and a ton of stuff I won't discuss here. I asked a question on this list because I wanted details of what SQLite does. Probably stuff I could get if I knew SQLite source code well. I just don't have time to read and understand the right parts of the SQLite source. And no, it's not Windows. Or any operating system more than perhaps a couple of you have knowingly used. Simon.
