Simon, thanks.
Never heard of secure_delete; interesting, but probably of no use in the
case of a VFS layer that leaves only encrypted data on disk.
As for the zero-malloc option, it looks promising.

On Mon, Oct 24, 2016 at 1:34 PM, Simon Slavin <slav...@bigfraud.org> wrote:
>
> On 24 Oct 2016, at 9:58am, Max Vlasov <max.vla...@gmail.com> wrote:
>
>> in an application that implements encryption/decryption with VFS, what
>> is the best way to ensure that the memory of the application doesn't
>> contain decrypted data after the database is closed?
>
> We can't answer about memory that your own application handles, of course.
>
> To ensure zeroing out of memory I suggest you use the zero-malloc option as 
> provided by SQLite's memory allocator.  For more details on them see sections 
> 3.1.4 and 3.1.5 of
>
> <https://www.sqlite.org/malloc.html>
>
> It's also worth noting here that SQLite has the following PRAGMA:
>
>         PRAGMA schema.secure_delete = boolean
>
> which zeros space in files.  However, I don't remember this working by zeroing
> out the memory copy of the file then writing that block to disk.
>
> Simon.
> _______________________________________________
> sqlite-users mailing list
> sqlite-users@mailinglists.sqlite.org
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
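One way to make sure heap memory is wiped before it is released is a scrub-on-free allocator. The C below is an added example, not part of the original thread and not SQLite's code. The `scrub_*` names, the `wiped_total` counter and the 16-byte header are assumptions. The function signatures follow SQLite's `sqlite3_mem_methods` hooks, and the registration call is shown only in a comment so the block compiles without SQLite.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example. With SQLite linked, these functions fill the xMalloc, xFree,
 * xRealloc, xSize and xRoundup slots of sqlite3_mem_methods (plus trivial
 * xInit/xShutdown) and are installed before any other SQLite call with
 * sqlite3_config(SQLITE_CONFIG_MALLOC, &methods). */
#define HDR 16            /* size header; keeps user pointers 8-byte aligned */
size_t wiped_total;       /* bytes scrubbed so far (hypothetical audit counter) */

/* Write through a volatile pointer so the compiler cannot drop the stores
 * as dead just because the block is freed right afterwards. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    wiped_total += n;
    while (n--) *v++ = 0;
}

int scrub_roundup(int n) { return (n + 7) & ~7; }

void *scrub_malloc(int n) {
    if (n <= 0) return NULL;
    unsigned char *raw = malloc((size_t)n + HDR);
    if (!raw) return NULL;
    *(int64_t *)raw = n;  /* remember how many bytes to wipe later */
    return raw + HDR;
}

int scrub_size(void *p) {
    return p ? (int)*(int64_t *)((unsigned char *)p - HDR) : 0;
}

void scrub_free(void *p) {
    if (!p) return;
    wipe(p, (size_t)scrub_size(p));
    free((unsigned char *)p - HDR);
}

/* realloc() may move the block and leave the old plaintext copy behind, so
 * allocate fresh, copy, then wipe and free the old block explicitly. */
void *scrub_realloc(void *p, int n) {
    if (!p) return scrub_malloc(n);
    if (n <= 0) { scrub_free(p); return NULL; }
    void *q = scrub_malloc(n);
    if (!q) return NULL;  /* old block stays valid on failure */
    int old = scrub_size(p);
    memcpy(q, p, (size_t)(old < n ? old : n));
    scrub_free(p);
    return q;
}
```

This covers only allocations that go through the hooks; buffers the VFS itself uses for decryption, stack copies and any separately configured page cache need their own wiping.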