Bug#555955: xulrunner-1.9.1: cookies.sqlite not cleared using sqlite secure delete when private data cleared
Mike Hommey
mh at glandium.org
Thu Nov 12 22:59:39 UTC 2009
On Thu, Nov 12, 2009 at 02:49:44PM -0800, Josh Triplett wrote:
> On Thu, Nov 12, 2009 at 11:47:01PM +0100, Mike Hommey wrote:
> > On Thu, Nov 12, 2009 at 02:42:12PM -0800, Josh Triplett wrote:
> > > > Yes, but there is a remove all cookies in the cookies list. If you do
> > > > that in a new profile with new cookies, are they properly "securely"
> > > > deleted ?
> > >
> > > I just tested that, and no, that doesn't work either. Starting from no
> > > data in cookies.sqlite, I visited google.com, closed Iceweasel,
> > > confirmed that a couple of cookies appear in cookies.sqlite, opened
> > > Iceweasel, used "Remove all cookies", closed Iceweasel, and confirmed
> > > that the cookies still appear in cookies.sqlite even though moz_cookies
> > > has no rows.
> >
> > That's really weird, because there is nothing I can see at first hand in
> > the mozilla code that differs between the various .sqlite files. So it
> > looks like this could be a sqlite bug. Have you tried to remove the
> > lines with sqlite3 itself ?
>
> Yes, "sqlite3 cookies.sqlite vacuum" does wipe the data.
Except that vacuum is not the one, you should try a delete statement.
(vacuum is not used in mozilla, except in expiry of form history, when
it is big)
Mike
More information about the pkg-mozilla-maintainers
mailing list