Author Topic: NANY 2009 TEASER: SQLite Scrub  (Read 3339 times)
tranglos
« on: December 10, 2008, 08:14:04 AM »

NANY 2009 Entry Information

Application Name SQLite Scrub
Version not released yet
Short Description Erase sensitive information from FireFox3 form, cookies and history or any other application using SQLite database for storage
Supported OSes all win32 (I hope)
Web Page none yet
Download Link watch this space...
Requirements
  • None, really. The program is only useful if you are using Firefox3 or other applications that store data in an SQLite database, e.g. Ditto (clipboard extender)
  • In order to browse an SQLite database to see what it contains and what you would rather get rid of, you need a suitable utility. There are many; I recommend SQLite Spy (freeware).
  • No need to speak SQL :)

Description

Firefox lets you fine-tune which passwords you want it to remember, but this flexibility does not extend to other historical data it stores, such as form history. If you choose to let Firefox remember the forms you fill out, it will remember them all, even those on secure (https) websites. For example, if you've ever entered your bank account or credit card numbers on a form, Firefox remembers them. This may or may not be a concern, but I *am* paranoid about a rogue extension that could access FF's form data and deliver it to its maker.

There was once a Firefox extension to browse and edit form data, but it's defunct now and has not been updated for Firefox 3. My NANY 2009 entry is not an extension (I could never figure out how to write one!), but the upside is twofold:

- In Firefox, it can also be used to scrub data from the cookie file and (later) the history file.

- It can work with any application that uses the popular SQLite database for storing session data. One such application is the clipboard extender Ditto, which offers no way to block certain strings from being stored.

Of course, the same effect could be achieved by installing the free SQLite commandline client and writing a few simple scripts. However, that requires some familiarity with writing SQL statements. With SQLite Scrub you don't need to know any SQL, just tell it what pieces of text you want removed from the database.

Attentive readers will have noticed (I hate that phrase, don't you?) that there's a catch: you don't want your CC number stored in Firefox database, but you have to store it in SQL Scrub's configuration of elements to delete. So isn't it rather self-defeating?

It isn't, because you don't have to store the complete string. If your CC number is 12345678, you can configure it as "delete any string that ends with 78" or "delete any string that contains 456". This is much safer.

The idea is that SQLite Scrub will run at Windows startup and perform the cleanup. (It's very fast.) You can run it manually too, but in that case you need to watch for Firefox (or other supported apps) already running, since they will lock their databases and SQLite Scrub will not be able to modify them. I'm planning to add a feature to automatically close the supported application, perform the scrubbing, then restart the app. That would help, but still be suboptimal, because for example in Firefox you would lose your open tabs, etc.

Screenshot

Only a UI mockup for now, but it gives a good idea of what the finished application should look like, as well as the command set. And no, it doesn't seem to need a menu or a toolbar :) (Right-click menus though, yes.)



Features
  • Currently, it's strictly a manual configuration deal. There is an xml file where you specify what you want deleted from the database. It's easy though and there will be a step by step guidance.
  • At the moment two applications are supported: Firefox3 and Ditto.

Planned Features
  • Log and report the number of entries found and scrubbed
  • Automatically close and restart supported applications to avoid locking conflicts
  • A nice GUI for configuring the items to delete from various databases.
  • I can add support for other applications - tell me what you need. (You can use SQLite Spy, the freeware utility mentioned above, to check if a particular application uses an SQLite database.)
  • It's possible to add generic support for any sqlite database, but that would require a little more user involvement (you'd have to specify detailed information about the database: table and field names, for example. If you can do this, you can probably write your own SQL scripts, so SQLite Scrub may not be for you.)

Interested? Let me know. I probably won't be adding a GUI unless anyone wants to use it besides myself :)

.marek
« Last Edit: December 14, 2008, 06:53:54 AM by tranglos »

justice
« Reply #1 on: December 10, 2008, 09:11:51 AM »

Good idea but a GUI and some kind of rulemanagement would add to it imho.

tranglos
« Reply #2 on: December 10, 2008, 09:39:22 AM »

Good idea but a GUI and some kind of rulemanagement would add to it imho.

Absolutely, that's why I listed it under planned features. I can't decide on what I want it to look like, while being as simple as possible.

The program has a built-in knowledge of the layout of a particular database, so it comes with several "presets", such as "Firefox - Form history" or "Firefox - Cookies". This makes configuring it simpler, since you don't need to manually specify tables and fields; SS already knows what field to match against.

However, for each such preset you can have many rules (many patterns to delete), and for each pattern you can have many conditions (i.e.  delete records that match this condition AND match that condition...). In GUI terms, this becomes a hierarchy of collections. Very easy to express in xml, but somewhat unwieldy in a GUI.

I originally started by designing a GUI, but what I got was stacks upon stacks of dialog boxes: pick preset, create a rule, then within each rule create one or more conditions, then create another rule... So I scratched that for the moment and wrote the engine itself, driven by xml config files. At least this way I already have a semi-working app, and the GUI can come in later when I have a better grip on it.

mouser
« Reply #3 on: December 10, 2008, 10:30:54 AM »

Tranglos!
Great to have you participating in this year's NANY (thumbs up)
f0dder
« Reply #4 on: December 10, 2008, 11:07:09 AM »

It isn't, because you don't have to store the complete string. If your CC number is 12345678, you can configure it as "delete any string that ends with 78" or "delete any string that contains 456". This is much safer.
This could end up deleting a lot of other data, though. What about "delete strings that have this SHA-512 hash" for really sensitive information?

- carpe noctem
tranglos
« Reply #5 on: December 10, 2008, 11:59:42 AM »

It isn't, because you don't have to store the complete string. If your CC number is 12345678, you can configure it as "delete any string that ends with 78" or "delete any string that contains 456". This is much safer.
This could end up deleting a lot of other data, though.

True. I admit I haven't been too concerned about this, because all the form data in Firefox, or the clips in Ditto, are not really critical pieces of information, they're just a convenience. One way to limit the potential for destruction is to have multiple conditions (where clauses) for each item to delete, e.g. text must begin with foo and end with bar. This is already implemented. At the same time, I was thinking of removing this feature and allowing only one condition per deletion rule, since it would simplify the UI greatly.


What about "delete strings that have this SHA-512 hash" for really sensitive information?

Great idea, thanks! It would slow down the operation somewhat, since the program would have to traverse whole tables, without using indexes (the same would apply to regexps) - but then such tables tend not to be very large. This feature probably won't make the initial release, but it's definitely a to-do.
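
An added example, not part of the original posts and not SQLite Scrub's own code: the partial-pattern rules with AND-ed conditions from the first post and reply #5, and the SHA-512 rule suggested in reply #4, run against a small in-memory SQLite table. The table `form_history`, its columns, the sample rows and every function name are assumptions made for illustration.

```python
import hashlib
import sqlite3

# Constructed sample rows; table and column names are hypothetical stand-ins.
ROWS = [("ccnumber", "12345678"), ("phone", "555-4567"),
        ("zip", "90278"), ("search", "sqlite tutorial")]
OPS = {"begins": "{}%", "ends": "%{}", "contains": "%{}%"}

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE form_history "
               "(id INTEGER PRIMARY KEY, fieldname TEXT, value TEXT)")
    db.executemany("INSERT INTO form_history (fieldname, value) VALUES (?, ?)", ROWS)
    return db

def like_escape(text):
    # Make %, _ and the escape character itself match literally in LIKE.
    return text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def sha512_hex(text):
    return hashlib.sha512(text.encode("utf-8")).hexdigest()

def scrub_pattern(db, conditions):
    """Delete rows matching ALL (op, text) conditions; return rows deleted."""
    if not conditions:
        raise ValueError("a rule with no conditions would delete every row")
    where = " AND ".join("value LIKE ? ESCAPE '\\'" for _ in conditions)
    params = [OPS[op].format(like_escape(text)) for op, text in conditions]
    with db:  # commit on success, roll back on error
        return db.execute(f"DELETE FROM form_history WHERE {where}", params).rowcount

def scrub_hash(db, digest):
    """Delete rows whose value has this SHA-512 digest; reads the whole table."""
    rows = db.execute("SELECT id, value FROM form_history WHERE value IS NOT NULL")
    ids = [(rid,) for rid, value in rows.fetchall() if sha512_hex(value) == digest]
    with db:
        db.executemany("DELETE FROM form_history WHERE id = ?", ids)
    return len(ids)

def remaining(db):
    return [v for (v,) in db.execute("SELECT value FROM form_history ORDER BY id")]

if __name__ == "__main__":
    for rule in ([("contains", "456")], [("ends", "78")],
                 [("begins", "123"), ("ends", "78")]):
        db = make_db()
        print(rule, "deleted", scrub_pattern(db, rule), "kept", remaining(db))
    db = make_db()
    print("sha512 deleted", scrub_hash(db, sha512_hex("12345678")), "kept", remaining(db))
```

On the sample rows, "contains 456" also removes the phone number and "ends with 78" also removes the ZIP code, while the two-condition rule and the hash rule remove only the card number. An unsalted digest of a short, all-digit value can be guessed by exhaustive search, so a rule file holding such digests still needs to be treated as sensitive.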

tranglos
« Reply #6 on: December 13, 2008, 09:32:03 PM »

(deleted, screenshot is now in the top post)
« Last Edit: December 14, 2008, 06:55:17 AM by tranglos »
