On Wed, 22 Apr 2015 20:07:45 +0100 Simon Slavin <slavins at bigfraud.org> wrote:
> > On 22 Apr 2015, at 7:18pm, Scott Hess <shess at google.com> wrote: > > > The only way SQLite can get to the disk is using the vfs, so if the > > vfs encrypts things, all of the files (main db, temp db, journal, > > everything) will be encrypted. > > Guys. Guys. Guys. My app doesn't have access to any level below > standard file system calls. This is a highly secure system. Any > calls which talk directly to hardware (e.g. turn the caps lock light > on, access SMART diagnostics, try to count the number of displays) > will fail because my app isn't allowed to do that stuff. Any attempt > from my app to mount anything will fail. My app has access to just > GUI and files. I don't have to worry about the security setup at OS > level, merely not leave files about with sensitive information in > them. You can reference count the number of files it creates and deletes. If it creates more files than it deletes, you have a problem. It doesn't involve big changes in sqlite vfs code and even may be implemented in sqlite3 core code as a debug feature. > > Simon. --- --- Eduardo Morras <emorrasg at yahoo.es>
