
DonationCoder.com Software > N.A.N.Y. 2009

NANY 2009 TEASER: SQLite Scrub


tranglos:
NANY 2009 Entry Information
Application Name: SQLite Scrub
Version: not released yet
Short Description: Erase sensitive information from FireFox3 form, cookies and history or any other application using SQLite database for storage
Supported OSes: all win32 (I hope)
Web Page: none yet
Download Link: watch this space...
Requirements
* None, really. The program is only useful if you are using Firefox3 or other applications that store data in an SQLite database, e.g. Ditto (clipboard extender)
* In order to browse an SQLite database to see what it contains and what you would rather get rid of, you need a suitable utility. There are many; I recommend SQLite Spy (freeware).
* No need to speak SQL :)
Description

Firefox lets you fine-tune which passwords you want it to remember, but this flexibility does not extend to other historical data it stores, such as form history. If you choose to let Firefox remember the forms you fill out, it will remember them all, even those on secure (https) websites. For example, if you've ever entered your bank account or credit card numbers on a form, Firefox remembers them. This may or may not be a concern, but I *am* paranoid about a rogue extension that could access FF's form data and deliver it to its maker.

There was once a Firefox extension to browse and edit form data, but it's defunct now and has not been updated for Firefox 3. My NANY 2009 entry is not an extension (I could never figure out how to write one!), but the upside is twofold:

- In Firefox, it can also be used to scrub data from the cookie file and (later) the history file.

- It can work with any application that uses the popular SQLite database for storing session data. One such application is the clipboard extender Ditto, which offers no way to block certain strings from being stored.

Of course, the same effect could be achieved by installing the free SQLite commandline client and writing a few simple scripts. However, that requires some familiarity with writing SQL statements. With SQLite Scrub you don't need to know any SQL, just tell it what pieces of text you want removed from the database.

Attentive readers will have noticed (I hate that phrase, don't you?) that there's a catch: you don't want your CC number stored in Firefox database, but you have to store it in SQL Scrub's configuration of elements to delete. So isn't it rather self-defeating?

It isn't, because you don't have to store the complete string. If your CC number is 12345678, you can configure it as "delete any string that ends with 78" or "delete any string that contains 456". This is much safer.

The idea is that SQLite Scrub will run at Windows startup and perform the cleanup. (It's very fast.) You can run it manually too, but in that case you need to watch for Firefox (or other supported apps) already running, since they will lock their databases and SQLite Scrub will not be able to modify them. I'm planning to add a feature to automatically close the supported application, perform the scrubbing, then restart the app. That would help, but still be suboptimal, because for example in Firefox you would lose your open tabs, etc.

Screenshot

Only a UI mockup for now, but it gives a good idea of what the finished application should look like, as well as the command set. And no, it doesn't seem to need a menu or a toolbar :) (Right-click menus though, yes.)


Features

* Currently, it's strictly a manual configuration deal. There is an xml file where you specify what you want deleted from the database. It's easy though and there will be a step by step guidance.
* At the moment two applications are supported: Firefox3 and Ditto.
Planned Features

* Log and report the number of entries found and scrubbed
* Automatically close and restart supported applications to avoid locking conflicts
* A nice GUI for configuring the items to delete from various databases.
* I can add support for other applications - tell me what you need. (You can use SQLite Spy, the freeware utility mentioned above, to check if a particular application uses an SQLite database.)
* It's possible to add generic support for any sqlite database, but that would require a little more user involvement (you'd have to specify detailed information about the database: table and field names, for example. If you can do this, you can probably write your own SQL scripts, so SQLite Scrub may not be for you.)
Interested? Let me know. I probably won't be adding a GUI unless anyone wants to use it besides myself :)

.marek

justice:
Good idea but a GUI and some kind of rulemanagement would add to it imho.

tranglos:
Good idea but a GUI and some kind of rulemanagement would add to it imho.
-justice (December 10, 2008, 09:11 AM)
--- End quote ---

Absolutely, that's why I listed it under planned features. I can't decide on what I want it to look like, while being as simple as possible.

The program has a built-in knowledge of the layout of a particular database, so it comes with several "presets", such as "Firefox - Form history" or "Firefox - Cookies". This makes configuring it simpler, since you don't need to manually specify tables and fields; SS already knows what field to match against.

However, for each such preset you can have many rules (many patterns to delete), and for each pattern you can have many conditions (i.e.  delete records that match this condition AND match that condition...). In GUI terms, this becomes a hierarchy of collections. Very easy to express in xml, but somewhat unwieldy in a GUI.

I originally started by designing a GUI, but what I got was stacks upon stacks of dialog boxes: pick preset, create a rule, then within each rule create one or more conditions, then create another rule... So I scratched that for the moment and wrote the engine itself, driven by xml config files. At least this way I already have a semi-working app, and the GUI can come in later when I have a better grip on it.

mouser:
Tranglos!
Great to have you participating in this year's NANY :Thmbsup: :Thmbsup: :Thmbsup:

f0dder:
It isn't, because you don't have to store the complete string. If your CC number is 12345678, you can configure it as "delete any string that ends with 78" or "delete any string that contains 456". This is much safer.
-tranglos (December 10, 2008, 08:14 AM)
--- End quote ---
This could end up deleting a lot of other data, though. What about "delete strings that have this SHA-512 hash" for really sensitive information?
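
The two matching approaches discussed in this thread (partial-string rules and the SHA-512 suggestion), sketched as an added example; this is not SQLite Scrub's code and was not posted by any participant. The `form_history` table, its columns, the rule tuples and the sample rows are constructed for illustration.

```python
import hashlib
import sqlite3

def sha512_hex(text):
    return hashlib.sha512(text.encode("utf-8")).hexdigest()

def matches(value, rule):
    """rule is (kind, arg); kind is 'endswith', 'contains' or 'sha512'."""
    kind, arg = rule
    if kind == "endswith":
        return value.endswith(arg)
    if kind == "contains":
        return arg in value
    if kind == "sha512":
        # Caveat: an unsalted hash of a short numeric value can be brute-forced.
        return sha512_hex(value) == arg
    raise ValueError(f"unknown rule kind: {kind}")

def scrub(conn, table, column, rules):
    """Delete rows whose column matches any rule; return the number deleted."""
    # Zero freed pages so deleted values do not linger in the database file.
    conn.execute("PRAGMA secure_delete = ON")
    # table/column must come from a trusted preset: identifiers cannot be bound.
    rows = conn.execute(f'SELECT rowid, "{column}" FROM "{table}"').fetchall()
    doomed = [(rowid,) for rowid, value in rows
              if isinstance(value, str) and any(matches(value, r) for r in rules)]
    conn.executemany(f'DELETE FROM "{table}" WHERE rowid = ?', doomed)
    conn.commit()
    return len(doomed)

def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE form_history (fieldname TEXT, value TEXT)")
    conn.executemany("INSERT INTO form_history VALUES (?, ?)", [
        ("cardnumber", "12345678"), ("phone", "5550178"),
        ("search", "sqlite tutorial")])
    return conn

def demo():
    loose = scrub(make_db(), "form_history", "value", [("endswith", "78")])
    conn = make_db()
    # A real config would hold only the hex digest, not the plaintext.
    exact = scrub(conn, "form_history", "value",
                  [("sha512", sha512_hex("12345678"))])
    left = [v for (v,) in conn.execute(
        "SELECT value FROM form_history ORDER BY rowid")]
    return loose, exact, left

if __name__ == "__main__":
    print(demo())
```

On the sample rows, the "ends with 78" rule also removes the unrelated phone entry, while the hash rule removes only the card number.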
