enable secure delete on all encrypted databases

2025-02-23 09:18:11 +00:00 · 2012-05-18 02:22:40 -04:00 · 2012-05-18 02:22:40 -04:00 · c2f7cd7926
commit c2f7cd7926
parent 0e8cdf4b25
2 changed files with 9 additions and 2 deletions
--- a/src/crypto.c
+++ b/src/crypto.c
@ -239,6 +239,11 @@ int sqlite3CodecAttach(sqlite3* db, int nDb, const void *zKey, int nKey) {

    codec_set_btree_to_codec_pagesize(db, pDb, ctx);

+    /* force secure delete. This has the benefit of wiping internal data when deleted
+       and also ensures that all pages are written to disk (i.e. not skipped by
+       sqlite3PagerDontWrite optimizations) */ 
+    sqlite3BtreeSecureDelete(pDb->pBt, 1); 
+
    /* if fd is null, then this is an in-memory database and
       we dont' want to overwrite the AutoVacuum settings
       if not null, then set to the default */
--- a/test/crypto.test
+++ b/test/crypto.test
@ -271,7 +271,9 @@ file delete -force test.db
 # delete another 50%
 # then rekey it. Make sure it is immediately
 # readable. Then close it and make sure it can be
-# read back 
+# read back. This test will ensure that Secure Delete
+# is enabled and all pages are being written and are not
+# being optimized out by sqlite3PagerDontWrite
 do_test rekey-delete-and-query-1 {
  sqlite_orig db test.db

@ -311,7 +313,7 @@ do_test rekey-delete-and-query-1 {
    PRAGMA rekey = 'test321';
    SELECT count(*) > 1 FROM t1;
  }
-} {}
+} {1}
 db close
 file delete -force test.db