Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fix journal security hole

  • Loading branch information...
commit 6bd7a49c1e26d382dc69e32a6e8886fd281afc98 1 parent 635da65
@friedger friedger authored
View
3  .gitignore
@@ -0,0 +1,3 @@
+*/bin
+*/gen
+*/build-private.properties
View
6 Safe/src/org/openintents/safe/DBHelper.java
@@ -121,7 +121,11 @@ public DBHelper(Context ctx) {
myCtx = ctx;
try {
db = myCtx.openOrCreateDatabase(DATABASE_NAME, 0,null);
-
+
+ // avoid journals in the file system as it gives access to the passwords.
+ // FIXME: if you can get hold of a memory dump you could still get access to the passwords.
+ db.rawQuery("PRAGMA journal_mode=MEMORY",null);
+
// Check for the existence of the DBVERSION table
// If it doesn't exist than create the overall data,
// otherwise double check the version
View
1  SafeDemo/.classpath
@@ -3,5 +3,6 @@
<classpathentry kind="src" path="src"/>
<classpathentry kind="con" path="com.android.ide.eclipse.adt.ANDROID_FRAMEWORK"/>
<classpathentry kind="src" path="gen"/>
+ <classpathentry exported="true" kind="con" path="com.android.ide.eclipse.adt.LIBRARIES"/>
<classpathentry kind="output" path="bin"/>
</classpath>
View
11 SafeDemo/default.properties
@@ -1,11 +0,0 @@
-# This file is automatically generated by Android Tools.
-# Do not modify this file -- YOUR CHANGES WILL BE ERASED!
-#
-# This file must be checked in Version Control Systems.
-#
-# To customize properties used by the Ant build system use,
-# "build.properties", and override values to adapt the script to your
-# project structure.
-
-# Project target.
-target=android-9
View
14 SafeDemo/project.properties
@@ -0,0 +1,14 @@
+# This file is automatically generated by Android Tools.
+# Do not modify this file -- YOUR CHANGES WILL BE ERASED!
+#
+# This file must be checked in Version Control Systems.
+#
+# To customize properties used by the Ant build system edit
+# "ant.properties", and override values to adapt the script to your
+# project structure.
+#
+# To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home):
+#proguard.config=${sdk.dir}\tools\proguard\proguard-android.txt:proguard-project.txt
+
+# Project target.
+target=android-9
Please sign in to comment.
Something went wrong with that request. Please try again.