Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

Secure deletion of databases

1 view

Skip to first unread message

Ori Maoz

unread,

Feb 20, 2003, 2:20:24 AM2/20/03

Hi,

I am searching for a way to securely wipe out databases under WinCE 3 and
PocketPC. Unfortunately it seems that the only documented way to access the
databases is with the RAPI database functions. Since simply deleting records
is clearly not enough, I thought of trying to overwrite them with same-sized
zeroed-out records.
However, I know next to nothing about the internal database implementation
so I don't even know if this will even physically replace the original
record in memory. It is also mentioned that CE compresses its database
records so even if it does replace the record I can't guarantee that they
will be the same size (i.e. that it will totally overwrite it).

Does anyone know a bit about the database internals, or have any idea on how
I could tack this?

Thanks in advance,
Ori Maoz
(to reply by email, please remove "plznospam" from the sender address)

Susan Loh [MS]

unread,

Mar 10, 2003, 1:57:20 PM3/10/03

So, by "securely" you mean you don't want any fragments of the data to
remain on the device? The object store might keep the data around for a
while, and it would be difficult to make sure it's completely wiped out.
You could delete all of the records and write a bunch of new ones until you
exceed the amount of data you deleted -- The dwSize value in CEDBASEINFO
tells you how much space is actually taken by the compressed data, so you
could keep querying that as you write new data. That will do a pretty good
job of overwriting the old data, but I wouldn't really guarantee that all of
the old data is gone. There might be a DWORD here or there that is
uninitialized (= still contains old data). The only way I can think of
guaranteeing that the data is really gone, is by putting the data into a
separate database volume (a separate file) and writing your own file system
that can securely store and erase the entire file.

Sue
sl...@microsoft.com (remove "online" from reply-to address)
[Formerly susa...@microsoft.com]
_____________________________________________________________
This posting is provided "AS IS" with no warranties, and confers no rights.
_____________________________________________________________
Windows Embedded DevWire
(http://www.microsoft.com/windows/embedded/devwire/)
InfoBlast (http://www.mswep.com/infoblastsign_up.aspx)

"Ori Maoz" <or...@plznospam.hotpop.com> wrote in message
news:ec3XPCL2...@TK2MSFTNGP10.phx.gbl...

0 new messages