forked from mirror/go-sqlcipher
Add: PRAGMA secure_delete
ADD: Connection PRAGMA ADD: Build tag for secure_delete mode: FAST
This commit is contained in:
parent
764e391156
commit
6a80b70b7a
|
@ -87,6 +87,7 @@ Boolean values can be one of:
|
||||||
| Mutex Locking | `_mutex` | <ul><li>no</li><li>full</li></ul> | Specify mutex mode. |
|
| Mutex Locking | `_mutex` | <ul><li>no</li><li>full</li></ul> | Specify mutex mode. |
|
||||||
| Query Only | `_query_only` | `boolean` | For more information see [PRAGMA query_only](https://www.sqlite.org/pragma.html#pragma_query_only) |
|
| Query Only | `_query_only` | `boolean` | For more information see [PRAGMA query_only](https://www.sqlite.org/pragma.html#pragma_query_only) |
|
||||||
| Recursive Triggers | `_recursive_triggers` \| `_rt` | `boolean` | For more information see [PRAGMA recursive_triggers](https://www.sqlite.org/pragma.html#pragma_recursive_triggers) |
|
| Recursive Triggers | `_recursive_triggers` \| `_rt` | `boolean` | For more information see [PRAGMA recursive_triggers](https://www.sqlite.org/pragma.html#pragma_recursive_triggers) |
|
||||||
|
| Secure Delete | `_secure_delete` | `boolean` \| `FAST` | For more information see [PRAGMA secure_delete](https://www.sqlite.org/pragma.html#pragma_secure_delete) |
|
||||||
| Shared-Cache Mode | `cache` | <ul><li>shared</li><li>private</li></ul> | Set cache mode for more information see [sqlite.org](https://www.sqlite.org/sharedcache.html) |
|
| Shared-Cache Mode | `cache` | <ul><li>shared</li><li>private</li></ul> | Set cache mode for more information see [sqlite.org](https://www.sqlite.org/sharedcache.html) |
|
||||||
| Time Zone Location | `_loc` | auto | Specify location of time format. |
|
| Time Zone Location | `_loc` | auto | Specify location of time format. |
|
||||||
| Transaction Lock | `_txlock` | <ul><li>immediate</li><li>deferred</li><li>exclusive</li></ul> | Specify locking behavior for transactions. |
|
| Transaction Lock | `_txlock` | <ul><li>immediate</li><li>deferred</li><li>exclusive</li></ul> | Specify locking behavior for transactions. |
|
||||||
|
@ -137,6 +138,7 @@ go build --tags "icu json1 fts5 secure_delete"
|
||||||
| Introspect PRAGMAS | sqlite_introspect | This option adds some extra PRAGMA statements. <ul><li>PRAGMA function_list</li><li>PRAGMA module_list</li><li>PRAGMA pragma_list</li></ul> |
|
| Introspect PRAGMAS | sqlite_introspect | This option adds some extra PRAGMA statements. <ul><li>PRAGMA function_list</li><li>PRAGMA module_list</li><li>PRAGMA pragma_list</li></ul> |
|
||||||
| JSON SQL Functions | sqlite_json | When this option is defined in the amalgamation, the JSON SQL functions are added to the build automatically |
|
| JSON SQL Functions | sqlite_json | When this option is defined in the amalgamation, the JSON SQL functions are added to the build automatically |
|
||||||
| Secure Delete | sqlite_secure_delete | This compile-time option changes the default setting of the secure_delete pragma.<br><br>When this option is not used, secure_delete defaults to off. When this option is present, secure_delete defaults to on.<br><br>The secure_delete setting causes deleted content to be overwritten with zeros. There is a small performance penalty since additional I/O must occur.<br><br>On the other hand, secure_delete can prevent fragments of sensitive information from lingering in unused parts of the database file after it has been deleted. See the documentation on the secure_delete pragma for additional information |
|
| Secure Delete | sqlite_secure_delete | This compile-time option changes the default setting of the secure_delete pragma.<br><br>When this option is not used, secure_delete defaults to off. When this option is present, secure_delete defaults to on.<br><br>The secure_delete setting causes deleted content to be overwritten with zeros. There is a small performance penalty since additional I/O must occur.<br><br>On the other hand, secure_delete can prevent fragments of sensitive information from lingering in unused parts of the database file after it has been deleted. See the documentation on the secure_delete pragma for additional information |
|
||||||
|
| Secure Delete (FAST) | sqlite_secure_delete_fast | For more information see [PRAGMA secure_delete](https://www.sqlite.org/pragma.html#pragma_secure_delete) |
|
||||||
| Tracing / Debug | sqlite_trace | Activate trace functions |
|
| Tracing / Debug | sqlite_trace | Activate trace functions |
|
||||||
|
|
||||||
# Compilation
|
# Compilation
|
||||||
|
|
34
sqlite3.go
34
sqlite3.go
|
@ -862,6 +862,10 @@ func errorString(err Error) string {
|
||||||
// _recursive_triggers=Boolean | _rt=Boolean
|
// _recursive_triggers=Boolean | _rt=Boolean
|
||||||
// Enable or disable recursive triggers.
|
// Enable or disable recursive triggers.
|
||||||
//
|
//
|
||||||
|
// _secure_delete=Boolean|FAST
|
||||||
|
// When secure_delete is on, SQLite overwrites deleted content with zeros.
|
||||||
|
// https://www.sqlite.org/pragma.html#pragma_secure_delete
|
||||||
|
//
|
||||||
// _vacuum=X
|
// _vacuum=X
|
||||||
// 0 | none - Auto Vacuum disabled
|
// 0 | none - Auto Vacuum disabled
|
||||||
// 1 | full - Auto Vacuum FULL
|
// 1 | full - Auto Vacuum FULL
|
||||||
|
@ -889,6 +893,7 @@ func (d *SQLiteDriver) Open(dsn string) (driver.Conn, error) {
|
||||||
lockingMode := "NORMAL"
|
lockingMode := "NORMAL"
|
||||||
queryOnly := -1
|
queryOnly := -1
|
||||||
recursiveTriggers := -1
|
recursiveTriggers := -1
|
||||||
|
secureDelete := "DEFAULT"
|
||||||
|
|
||||||
pos := strings.IndexRune(dsn, '?')
|
pos := strings.IndexRune(dsn, '?')
|
||||||
if pos >= 1 {
|
if pos >= 1 {
|
||||||
|
@ -1109,6 +1114,23 @@ func (d *SQLiteDriver) Open(dsn string) (driver.Conn, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Secure Delete (_secure_delete)
|
||||||
|
//
|
||||||
|
// https://www.sqlite.org/pragma.html#pragma_secure_delete
|
||||||
|
//
|
||||||
|
if val := params.Get("_secure_delete"); val != "" {
|
||||||
|
switch strings.ToLower(val) {
|
||||||
|
case "0", "no", "false", "off":
|
||||||
|
secureDelete = "OFF"
|
||||||
|
case "1", "yes", "true", "on":
|
||||||
|
secureDelete = "ON"
|
||||||
|
case "fast":
|
||||||
|
secureDelete = "FAST"
|
||||||
|
default:
|
||||||
|
return nil, fmt.Errorf("Invalid _recursive_triggers: %v, expecting boolean value of '0 1 false true no yes off on'", val)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if !strings.HasPrefix(dsn, "file:") {
|
if !strings.HasPrefix(dsn, "file:") {
|
||||||
dsn = dsn[:pos]
|
dsn = dsn[:pos]
|
||||||
}
|
}
|
||||||
|
@ -1214,6 +1236,18 @@ func (d *SQLiteDriver) Open(dsn string) (driver.Conn, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Secure Delete
|
||||||
|
//
|
||||||
|
// Because this package can set the compile time flag SQLITE_SECURE_DELETE with a build tag
|
||||||
|
// the default value for secureDelete var is 'DEFAULT' this way
|
||||||
|
// you can compile with secure_delete 'ON' and disable it for a specific database connection.
|
||||||
|
if secureDelete != "DEFAULT" {
|
||||||
|
if err := exec(fmt.Sprintf("PRAGMA secure_delete = %s;", secureDelete)); err != nil {
|
||||||
|
C.sqlite3_close_v2(db)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
conn := &SQLiteConn{db: db, loc: loc, txlock: txlock}
|
conn := &SQLiteConn{db: db, loc: loc, txlock: txlock}
|
||||||
|
|
||||||
if len(d.Extensions) > 0 {
|
if len(d.Extensions) > 0 {
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
// Copyright (C) 2014 Yasuhiro Matsumoto <mattn.jp@gmail.com>.
|
// Copyright (C) 2014 Yasuhiro Matsumoto <mattn.jp@gmail.com>.
|
||||||
|
// Copyright (C) 2018 G.J.R. Timmer <gjr.timmer@gmail.com>.
|
||||||
//
|
//
|
||||||
// Use of this source code is governed by an MIT-style
|
// Use of this source code is governed by an MIT-style
|
||||||
// license that can be found in the LICENSE file.
|
// license that can be found in the LICENSE file.
|
||||||
|
@ -8,7 +9,7 @@
|
||||||
package sqlite3
|
package sqlite3
|
||||||
|
|
||||||
/*
|
/*
|
||||||
#cgo CFLAGS: -DSQLITE_SECURE_DELETE
|
#cgo CFLAGS: -DSQLITE_SECURE_DELETE=1
|
||||||
#cgo LDFLAGS: -lm
|
#cgo LDFLAGS: -lm
|
||||||
*/
|
*/
|
||||||
import "C"
|
import "C"
|
||||||
|
|
|
@ -0,0 +1,15 @@
|
||||||
|
// Copyright (C) 2014 Yasuhiro Matsumoto <mattn.jp@gmail.com>.
|
||||||
|
// Copyright (C) 2018 G.J.R. Timmer <gjr.timmer@gmail.com>.
|
||||||
|
//
|
||||||
|
// Use of this source code is governed by an MIT-style
|
||||||
|
// license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
// +build sqlite_secure_delete_fast
|
||||||
|
|
||||||
|
package sqlite3
|
||||||
|
|
||||||
|
/*
|
||||||
|
#cgo CFLAGS: -DSQLITE_SECURE_DELETE=FAST
|
||||||
|
#cgo LDFLAGS: -lm
|
||||||
|
*/
|
||||||
|
import "C"
|
Loading…
Reference in New Issue