Re: [sqlite] Encryption and fixed header values (was Re: [sqlite] Why can i open a textfile?)

[Mrs. Brisby]

On Wed, 2005-08-24 at 22:55 -0400, D. Richard Hipp wrote:
>   Weaknesses in RC4 have been found where
> the first few numbers coming out of the PRNG leak information about the
> key.  If an attacker can guess the first few bytes of plaintext, and
> hence guess the first few numbers from the PRNG, and can do this many
> many times (millions of times) then the attacker can eventually
> reconstruct
> the key.

I noticed this. You understate how much it helps. The first few cycles
of RC4 are so bad that key recovery is easy for modern general purpose
computers.

> The usual defense against this attack (and the one used by SQLite)
> is to discard the first 1000 bytes or so of information coming out
> of the PRNG.  No key information leaks into later bytes of the
> PRNG stream (at least as far as we know) so this secures the cypher
> from attack.

It doesn't need to leak information about the key. A combination
known-plaintext and known-ciphertext attack works very well against RC4.

http://groups.google.com/group/sci.crypt/browse_frm/thread/2716ac20a3fc9971/64eba041932a98ae?lnk=st=1=en

Since the header is well known, convincing the program to encrypt the
database (by say, making a change to it) several times allows the user
to collect some known-plaintext and lots of ciphertext very quickly.

The usual defense against this attack is to mix some random information
into the beginning of the plaintext.

A better defense: use a different key each time. Encrypt the session key
separately.

Re: [sqlite] Linking to SQLite with Cygwin / CMake

[Kiel W.]

Ok, I'm definately thinking this is just a problem with my understanding 
of the build process in *nix's and the quirks of Cygwin.


I am getting the following warning with the default Makefile that is 
generated.
"libtool: link: warning: undefined symbols not allowed in i686-pc-cygwin 
shared libraries"


I found that this is because Windows(r) dlls can't have undefined 
symbols in them and the warning can be removed with the following flag: 
'-no-undefined'.  This also generates some other information that is not 
helpful to me (probably someone else).  However, this didn't seem to 
produce a static library (either .a or .lib).


I ran across the 'make sqlite3.dll' target in the make file and tried 
that. It succeeded without any problems and generated a .dll.  I tried 
the companion 'make sqlite3.lib' and this fails because it can't find 
impdef/implib/lib.


If anyone as other suggestions, or steps to build a static lib under 
Cygwin I'd appreciate it, otherwise I may just bite the bullet and see 
about going the shared libary route.


-- Kiel

RE: [sqlite] Linking to SQLite with Cygwin / CMake

[Reid Thompson]

Doug Currie wrote:
>> I downloaded the raw source and ran 'configure' and 'make' from a
>> separate folder.  The resulting output I copied to /usr/lib/sqlite.
>> In it a see the bunch of .lo, .o and the two .la files
>> (libsqlite3.la, libtclsqlite3.la)

using cygwin ( when i built sqlite3 from the source, it used
--prefix=/usr/local )

WS-XP-4960: /home/rthompso> 
$ gcc -Wall  sqlite3tst.c -o testsqlite3  -lsqlite3
sqlite3tst.c:4: warning: unused parameter 'argc'
sqlite3tst.c:4: warning: unused parameter 'argv'
WS-XP-4960: /home/rthompso> 
$ cat sqlite3tst.c
#include 
#include 

int main (int argc, char **argv) {

  sqlite3 *pilotLog;
  
  sqlite3_open("logbook.dat",  );

  sqlite3_close(pilotLog);

  return 0;
}


reid

Re: [sqlite] Please test prior to version 3.1.5. Was: Delete crashes with Version 3.2.4 in Windows XP

[Jolan Luff]

On Wed, Aug 24, 2005 at 10:08:21AM -1000, Glen Nakamura wrote:
> On Wed, Aug 24, 2005 at 02:50:04PM -0500, Jolan Luff wrote:
> > OpenBSD/amd64 with gcc 3.3.5.  I noticed that with 3.2.2 it was possible
> > to run "make test" without having done "make" first and this is no
> > longer the case with CVS HEAD.
> 
> The problem could be the following lines in Makefile.in:
> 
> # In LIBOBJ but not TESTSRC
> COMMONOBJ = $(foreach obj,$(LIBOBJ),\
>   $(if $(findstring $(patsubst %.lo,%.c,$(obj)),$(TESTSRC)),,$(obj)))
> 
> This is the patch which added these lines:
> http://www.sqlite.org/cvstrac/filediff?f=sqlite/Makefile.in=1.130=1.131
> 
> Possible GNU-make-ism.  I don't think BSD make supports functions
> like foreach.  You'll need to build with gmake unless the above lines
> are rewritten to be compatible with BSD make.

Using GNU make instead of BSD make does let things work again.  Usually
BSD make is pretty good about detecting GNU make idioms and erroring out
gracefully but apparently not this time.

Thanks for the hint.

Re: [sqlite] Linking to SQLite with Cygwin / CMake

[Doug Currie]

KW> I downloaded the raw source and ran 'configure' and 'make' from a
KW> separate folder.  The resulting output I copied to /usr/lib/sqlite.  In
KW> it a see the bunch of .lo, .o and the two .la files (libsqlite3.la,
KW> libtclsqlite3.la)

KW> I am use to a Visual Studio build environment, but from what I 
KW> understand this is all I need.  Please correction me if that assumption
KW> is wrong.

Visual Studio is not designed to use static libraries built by Cygwin.

Either build the library with Visual Studio by using the preprocessed
sources at http://www.sqlite.org/sqlite-source-3_2_4.zip
Or build the library with Cygwin and use Cygwin for your own code as
well.

KW> I'm unsure what direction to go at this point and would appreciate any
KW> guidance - whether it is a complete change of direction or not.  I would
KW> rather not use a .dll because I don't want my code to have to handle the
KW> loading; I may change this later or if it is the recommendation of those
KW> wiser =)

With DLLs at least you can share between Cygwin and Visual Studio
(although you have to build a .lib file for VS to be happy). However
there is no reason you can't either use a static library as described
above, or simply include the sqlite source code in your project.

See http://www.sqlite.org/cvstrac/wiki?p=HowToCompile for more hints.

e

Re: [sqlite] Linking to SQLite with Cygwin / CMake

[Kiel Wadner]

Jay Sprenkle wrote:


undefined reference at link time is usually a missing library. I think
you're using
linux? 


I'm actually Cgywin is a linux emulation layer.. from their site:
"Cygwin is a Linux-like environment for Windows.
It consists of two parts: A DLL (cygwin1.dll) which acts as a Linux API 
emulation layer providing substantial Linux API functionality.

A collection of tools, which provide Linux look and feel."

So you are partly correct.  It doesn't appear I have 'ldconfig' in 
Cygwin.Perhaps this is the root of my problem but I don't believe so.


Am I correct in saying I would NOT get this error if it was simply a 
matter of mixing debug and release information?

[sqlite] aggregate funtion in the TCL binding

[Ramon Ribó]

  Hello,
 
  It also looks to my that the interface should be something as as simple as:
 
  db aggregate_function step_func final_func
 
 
> But it seemed to me that all  it should take is to create a normal TCL
 > function to be called for each  row selected (say, to compute the sums
 > and squares  and products), with  some initialization code  run before
 > the select, and some more code to run when the select is done (say, to
 > compute the correlation coeffiecient between two columns).
 
I would like to expain the type of problem that I am trying to solve in order to
recieve comments and opinions about its feasibility.
 
I work in the field of computer simulation for engineering, notably Finite
Element analysis. These types of problems have traditionally been solved
programming in either FORTRAN or C/C++ due to the big amount of
data to deal with and that they are very computer intensive. One run can
be of minutes, hours or even days.
 
The approach has some disadvantages. For example, the amount of developing
time just dedicated to deal with data structs is huge and also, any change
to the logic of the program can require a big amount of programming.
 
I want to experiment with a new way of dealing with the problem, by using
sqlite and a mixure of C++ and TCL.
 
Instead of just fetch data from the database and operate on it, I want to try
a different approach: make the process database driven.
 
So, instead of:
 
 loop on "select "
 do my algorithm
 end loop
 
I want to try something like:
 
   db eval {
select add_elem_k_triangle(e.num,
e.euler1,e.euler2,e.euler3,
m.units,m.thickness,m.specific_weight,m.E,m.nu,
n1.num*6,n2.num*6,n3.num*6,
n1.x,n1.y,n1.z,n2.x,n2.y,n2.z,n3.x,n3.y,n3.z)
from elements_triangles as e
join material_isotropic_shell as m on m.num = e.mat
join nodes as n1 on e.c1 = n1.num
join nodes as n2 on e.c2 = n2.num
join nodes as n3 on e.c3 = n3.num
}
 
  where function "add_elem_k_triangle" is the one that make the
real algorithm work and can be implemented either in TCL or in C++
 
Currently "add_elem_k_triangle" is a normal function that operates on
external structures and has nothing to return for every element. I think
that in this case, it would be better that "add_elem_k_triangle" was an
aggregate function that returned something trivial, like the number of
elements that has operated with. In this way, A lot of void returns could
be avoided.
 
I understand that it is not simple to explain a problem like this in a few
lines but I hope that some "big picture" has been given.
 
> What version are you looking at?  The latest Tcl bindings already
> do this.
 
 I looked at version 3.2.1 and the code is:
 
static void tclSqlFunc(sqlite3_context *context, int argc, sqlite3_value**argv){
  SqlFunc *p = sqlite3_user_data(context);
  Tcl_DString cmd;
  int i;
  int rc;
 
  Tcl_DStringInit();
  Tcl_DStringAppend(, p->zScript, -1);
  for(i=0; iinterp, Tcl_DStringValue());
  if( rc ){
sqlite3_result_error(context, Tcl_GetStringResult(p->interp), -1); 
  }else{
sqlite3_result_text(context, Tcl_GetStringResult(p->interp), -1, 
SQLITE_TRANSIENT);
  }
}
 
So, it uses strings for the arguments.
 
  Best regards,
 






Compass Ing. y Sistemas

Dr. Ramon Ribó


http://www.compassis.com  

[EMAIL PROTECTED]  


c/ Tuset, 8 7-2

tel. +34 93 218 19 89


08006 Barcelona, Spain

fax. +34 93 396 97 46

 

 

Re: [sqlite] Linking to SQLite with Cygwin / CMake

[Jay Sprenkle]

On 8/24/05, Kiel Wadner <[EMAIL PROTECTED]> wrote:
> This is almost a general programming question, but any help would be
> appreciated.
> 
> Root Problem:
> /home/kiel/development/omms/output/libdbWrapper.a(dbwrapper.o): In
> function `_ZN3srs9DbWrapper4openERKSs':
> /home/kiel/development/omms/src/dbwrapper/dbwrapper.cpp:49: undefined
> reference to `_sqlite3_open'

undefined reference at link time is usually a missing library. I think
you're using
linux? It's probably the linker doesn't know which directory to look
for the library.
Try reading the output from 'man ldconfig' or check the 'see also' section of
'man ld' to find out what your particular system uses to manage where it finds
libraries.

Re: [sqlite] Duration of reading records seems longer when sortedas not.

[Edwin Knoppert]

I'm using 3.2.1 and have no index.
Note that i'm not talking about the query itself but the data retrieval.



- Original Message - 
From: "D. Richard Hipp" <[EMAIL PROTECTED]>

To: 
Sent: Thursday, August 25, 2005 2:59 PM
Subject: Re: [sqlite] Duration of reading records seems longer when sortedas 
not.




On Thu, 2005-08-25 at 05:56 -0700, Cory Nelson wrote:

I believe the recent release can use an index for sorting, so you may
want to try that.



To clarify:  SQLite has been able to use indices for sorting
for a long time - going back to version 2.5.1 on 2002-June-19.
Recent releases just do a better job of it.
--
D. Richard Hipp <[EMAIL PROTECTED]>

Re: [sqlite] Duration of reading records seems longer when sorted as not.

[D. Richard Hipp]

On Thu, 2005-08-25 at 05:56 -0700, Cory Nelson wrote:
> I believe the recent release can use an index for sorting, so you may
> want to try that.
> 

To clarify:  SQLite has been able to use indices for sorting
for a long time - going back to version 2.5.1 on 2002-June-19.
Recent releases just do a better job of it.
-- 
D. Richard Hipp <[EMAIL PROTECTED]>

Re: [sqlite] Duration of reading records seems longer when sorted as not.

[Cory Nelson]

I believe the recent release can use an index for sorting, so you may
want to try that.

On 8/25/05, Edwin Knoppert <[EMAIL PROTECTED]> wrote:
> 
> FYI:
> 
> Duration of reading records seems longer when sorted as not.
> ~600 rec's in 500ms instead of 2400 (also ~500ms)
> I'm not talking about prepare but the data retrieval per record.
> 
> 


-- 
Cory Nelson
http://www.int64.org

[sqlite] Duration of reading records seems longer when sorted as not.

[Edwin Knoppert]

FYI:

Duration of reading records seems longer when sorted as not.
~600 rec's in 500ms instead of 2400 (also ~500ms)
I'm not talking about prepare but the data retrieval per record.

Re: [sqlite] Why can i open a textfile?

[Edwin Knoppert]

Maybe we should explain the term 'wrapper'.
I'm using wrappers around the salite dll in my own code.
But a wrapper might be seen over here as additional library (dll or so) 
others can use.

A redistribute part, which i don't like.
(Like the VB 'wrapper' dll)


- Original Message - 
From: "Walter Meerschaert" <[EMAIL PROTECTED]>

To: 
Sent: Thursday, August 25, 2005 3:43 AM
Subject: Re: [sqlite] Why can i open a textfile?



D. Richard Hipp wrote:

Most people who are using SQLite successfully have, I imagine, either 
written their own wrappers around the core API  (which

is not hard as I do provide you with a lot of helper routines
such as sqlite3_vmprintf and friends) or they are using an existing
wrapper written by someone else.
Indeed I wrote a thin wrapper when I started using SQLite 6 months ago. I 
now retract my request for more control over the open function, as one of 
the features of SQLite that I really liked was that it didn't have an 
extensive set of "features". I can and will implement the read/only and 
exclusive tests in my own open wrapper, and return or throw where 
appropriate.