[sqlite] sqlite3 file as database
Microsoft security best practices is never to name anything .db They recommend obfuscating the function of the file and putting some strange or random (.bob) file extension. This is for when you have an active intrusion, you are not handing them what to take on a silver platter. You could argue the same applies to SQLite file naming conventions as well. > Why do people use .db3 for sqlite database files? In my experience > .db3 is the file extension for dBase III database files.
[sqlite] Rare database corruption - does this help?
I assume nothing in the Server logs for security and applications at the corresponding time? -Original Message- The environment is Windows Server 2012 R2, with the database on a local NTFS drive.
[sqlite] Lawyers, encryption, and RC4
"Several operating systems include arc4random, an API originating in OpenBSD providing access to a random number generator originally based on RC4. In OpenBSD 5.5, released in May 2014, arc4random was modified to use ChaCha20.[11][12] As of January 2015, implementation of arc4random in NetBSD[13][14] also uses ChaCha20, however, implementation of arc4random in FreeBSD,[15] Linux's libbsd,[16] and Mac OS X[17] are still based on RC4." Sourced: https://en.wikipedia.org/wiki/RC4 If you point out to your lawyers that SQLite is not doing anything that Apple's OS X is doing, you may get some traction as well. -Original Message- From: sqlite-users-boun...@mailinglists.sqlite.org [mailto:sqlite-users-bounces at mailinglists.sqlite.org] On Behalf Of Richard Hipp Sent: Tuesday, August 11, 2015 10:11 AM To: General Discussion of SQLite Database Subject: Re: [sqlite] Lawyers, encryption, and RC4 No. The RC4 encryption algorithm consists of three subcomponents: (1) Key management logic (2) The pseudo-random number generator (PRNG) (3) The encoder/decoder SQLite only implements (2). It omits (1) and (3). And hence, the RC4 kernel inside of SQLite cannot be used for encryption. -- D. Richard Hipp drh at sqlite.org ___ sqlite-users mailing list sqlite-users at mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
[sqlite] Lawyers, encryption, and RC4
Have you found yourself in an ITAR mess? https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States The length of the keys is usually the determining factor for EAR. I'm not an expert, but I'm guessing that is why they are concerned. -Original Message- From: sqlite-users-boun...@mailinglists.sqlite.org [mailto:sqlite-users-bounces at mailinglists.sqlite.org] On Behalf Of Eric Hill Sent: Tuesday, August 11, 2015 8:31 AM To: General Discussion of SQLite Database Subject: [sqlite] Lawyers, encryption, and RC4 Sorry to bother folks with this. We're getting some pushback from our lawyers suggesting that SQLite's use of RC4 even just to generate random numbers is, in their minds, encryption for export purposes. Now, this makes absolutely no sense to me, I can assure you, and I am not finding anything online that would suggest that is a valid position, but I'm wondering if this has come up before and if you have any good ammunition for dealing with such an argument. Thanks, Eric ___ sqlite-users mailing list sqlite-users at mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
