NANY 2009 Entry Information
|Application Name||SQLite Scrub|
|Version||not released yet|
|Short Description||Erase sensitive information from FireFox3 form, cookies and history or any other application using SQLite database for storage|
|Supported OSes||all win32 (I hope)|
|Web Page||none yet|
|Download Link||watch this space...|
Firefox lets you fine-tune which passwords you want it to remember, but this flexibility does not extend to other historical data it stores, such as form history. If you choose to let Firefox remember the forms you fill out, it will remember them all, even those on secure (https) websites. For example, if you've ever entered your bank account or credit card numbers on a form, Firefox remembers them. This may or may not be a concern, but I *am* paranoid about a rogue extension that could access FF's form data and deliver it to its maker.
There was once a Firefox extension to browse and edit form data, but it's defunct now and has not been updated for Firefox 3. My NANY 2009 entry is not an extension (I could never figure out how to write one!), but the upside is twofold:
- In Firefox, it can also be used to scrub data from the cookie file and (later) the history file.
- It can work with any application that uses the popular SQLite database for storing session data. One such application is the clipboard extender Ditto, which offers no way to block certain strings from being stored.
Of course, the same effect could be achieved by installing the free SQLite commandline client and writing a few simple scripts. However, that requires some familiarity with writing SQL statements. With SQLite Scrub you don't need to know any SQL, just tell it what pieces of text you want removed from the database.
Attentive readers will have noticed (I hate that phrase, don't you?) that there's a catch: you don't want your CC number stored in Firefox database, but you have to store it in SQL Scrub's configuration of elements to delete. So isn't it rather self-defeating?
It isn't, because you don't have to store the complete string. If your CC number is 12345678, you can configure it as "delete any string that ends with 78" or "delete any string that contains 456". This is much safer.
The idea is that SQLite Scrub will run at Windows startup and perform the cleanup. (It's very fast.) You can run it manually too, but in that case you need to watch for Firefox (or other supported apps) already running, since they will lock their databases and SQLite Scrub will not be able to modify them. I'm planning to add a feature to automatically close the suported application, perform the scrubbing, then restart the app.That would help, but still be suboptimal, because for example in Firefox you would lose your open tabs, etc.
Only a UI mockup for now, but it gives a good idea of what the finished application should look like, as well as the command set. And no, it doesn't seem to need a menu or a toolbar (Right-click menus though, yes.)
- Currently, it's strictly a manual configuration deal. There is an xml file where you specify what you want deleted from the database. It's easy though and there will be a step by step guidance.
- At the monent two applications are supported: Firefox3 and Ditto.
- Log and report the number of entries found and scrubbed
- Automatically close and restart supported applications to avoid locking conflicts
- A nice GUI for configuring the items to delete from various databases.
- I can add support for other applications - tell me what you need. (You can use SQLite Spy, the freeware utility mentioned above, to check if a particular application uses an SQLite database.)
- It's possible to add generic support for any sqlite database, but that would require a little more user involvement (you'd have to specify detailed information about the database: table and field names, for example. If you can do this, you can probably write your own SQL scripts, so SQLite Scrub may not be for you.)
Interested? Let me know. I probably won't be adding a GUI unless anyone wants to use it besides myself