On Wed, Apr 22, 2015 at 2:07 PM, Simon Slavin <slavins at bigfraud.org> wrote:
>
> On 22 Apr 2015, at 7:18pm, Scott Hess <shess at google.com> wrote:
>
> > The only way SQLite can get to the disk is using the vfs, so if the
> > vfs encrypts things, all of the files (main db, temp db, journal,
> > everything) will be encrypted.
>
> Guys. Guys. Guys. My app doesn't have access to any level below
> standard file system calls. This is a highly secure system. Any calls
> which talk directly to hardware (e.g. turn the caps lock light on, access
> SMART diagnostics, try to count the number of displays) will fail because
> my app isn't allowed to do that stuff. Any attempt from my app to mount
> anything will fail. My app has access to just GUI and files. I don't have
> to worry about the security setup at OS level, merely not leave files about
> with sensitive information in them.
>
> I know a lot about computer security -- problems with drivers and caching
> and a ton of stuff I won't discuss here. I asked a question on this list
> because I wanted details of what SQLite does. Probably stuff I could get
> if I knew SQLite source code well. I just don't have time to read and
> understand the right parts of the SQLite source.
>
> And no, it's not Windows. Or any operating system more than perhaps a
> couple of you have knowingly used.
>
> Simon.
>
Well, the best that I can think of is to have your application create a
new, randomly named, directory. Make that the current working directory. Do
all your SQLite work in that directory. Just before exiting, delete _all_
files in the directory, then change to the parent directory ( chdir("..") )
and delete the subdirectory entry. From a quick look at the source, SQLite
does not put any file in any directory other than the current working
directory, unless the application code specifies a specific directory.
--
If you sent twitter messages while exploring, are you on a textpedition?
He's about as useful as a wax frying pan.
10 to the 12th power microphones = 1 Megaphone
Maranatha! <><
John McKown
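
The procedure described in the reply above, sketched with Python's standard `sqlite3` module; this is an added example, not code from the original message or from SQLite. The names `run_in_private_dir`, `demo`, `work.db` and the `sq-` prefix are hypothetical, and the `PRAGMA temp_store = MEMORY` step is an addition that goes beyond what the message describes.

```python
import os
import sqlite3
import tempfile

def run_in_private_dir(work, parent=None):
    """Run work(conn) on a database inside a fresh private directory, then
    delete every file in that directory and the directory itself.
    Returns (work's result, directory path, file names seen before commit)."""
    old_cwd = os.getcwd()
    # mkdtemp picks a random name; on POSIX the directory is owner-only (0700).
    workdir = tempfile.mkdtemp(prefix="sq-", dir=parent)
    os.chdir(workdir)
    try:
        conn = sqlite3.connect("work.db")  # relative path resolves inside workdir
        try:
            # Addition: hold temporary tables and indices in memory, not in files.
            conn.execute("PRAGMA temp_store = MEMORY")
            result = work(conn)
            # Snapshot while the write transaction is still open; a rollback
            # journal, if present, shows up next to work.db.
            seen = sorted(os.listdir("."))
            conn.commit()
        finally:
            conn.close()
    finally:
        # Delete all files, step back out (here: to the previous working
        # directory rather than ".."), then remove the directory entry.
        for name in os.listdir(workdir):
            os.unlink(os.path.join(workdir, name))
        os.chdir(old_cwd)
        os.rmdir(workdir)
    return result, workdir, seen

def demo(conn):
    # Constructed sample data, for illustration only.
    conn.execute("CREATE TABLE secrets (id INTEGER PRIMARY KEY, note TEXT)")
    conn.execute("INSERT INTO secrets (note) VALUES (?)", ("constructed sample row",))
    return conn.execute("SELECT count(*) FROM secrets").fetchone()[0]

if __name__ == "__main__":
    count, path, files = run_in_private_dir(demo)
    print("rows:", count)
    print("files present during work:", files)
    print("directory still exists:", os.path.exists(path))
```

Unlinking removes the directory entries only; it does not overwrite the file contents on the underlying storage.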