Vetting SQLite

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
18 messages Options
Reply | Threaded
Open this post in threaded view
|

Vetting SQLite

Drago, William @ CSG - NARDA-MITEQ-2
All,

I've been using/loving SQLite for years, but the use of open source software is highly discouraged where I work, and now I have to prove to our IT dept. that SQLite is reliable and secure. The reliable part is easy because there is enough information on the SQLite website about testing, but what about security? How can I convince the auditors that SQLite is not stealing corporate secrets and spreading viruses?

Is there a statement somewhere on the website that guarantees that copies of SQLIte downloaded from SQLite.org and System.Data.Sqlite.org are free of all forms of spyware/malware/viruses/etc?

Thanks,
--
Bill Drago
Staff Engineer
L3 Narda-MITEQ<http://www.nardamiteq.com/>
435 Moreland Road
Hauppauge, NY 11788
631-272-5947 / [hidden email]<mailto:[hidden email]>

CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use of the intended recipient and may contain material that is proprietary, confidential, privileged or otherwise legally protected or restricted under applicable government laws. Any review, disclosure, distributing or other use without expressed permission of the sender is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies without reading, printing, or saving..

Beginning April 1, 2018, L3 Technologies, Inc. will discontinue the use of all @L-3Com.com email addresses. To ensure delivery of your messages to this recipient, please update your records to use [hidden email].
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Vetting SQLite

J. King-3
I'm not aware of a statement or guarantee, but the Web site provides lots of evidence here:

<http://sqlite.org/famous.html>

In particular, SQLite being used as part of aircraft software by Airbus should tell you something.

On February 5, 2018 12:21:53 PM EST, "Drago, William @ CSG - NARDA-MITEQ" <[hidden email]> wrote:

>All,
>
>I've been using/loving SQLite for years, but the use of open source
>software is highly discouraged where I work, and now I have to prove to
>our IT dept. that SQLite is reliable and secure. The reliable part is
>easy because there is enough information on the SQLite website about
>testing, but what about security? How can I convince the auditors that
>SQLite is not stealing corporate secrets and spreading viruses?
>
>Is there a statement somewhere on the website that guarantees that
>copies of SQLIte downloaded from SQLite.org and System.Data.Sqlite.org
>are free of all forms of spyware/malware/viruses/etc?
>
>Thanks,
>--
>Bill Drago
>Staff Engineer
>L3 Narda-MITEQ<http://www.nardamiteq.com/>
>435 Moreland Road
>Hauppauge, NY 11788
>631-272-5947 / [hidden email]<mailto:[hidden email]>
>
>CONFIDENTIALITY NOTICE: This email and any attachments are for the sole
>use of the intended recipient and may contain material that is
>proprietary, confidential, privileged or otherwise legally protected or
>restricted under applicable government laws. Any review, disclosure,
>distributing or other use without expressed permission of the sender is
>strictly prohibited. If you are not the intended recipient, please
>contact the sender and delete all copies without reading, printing, or
>saving..
>
>Beginning April 1, 2018, L3 Technologies, Inc. will discontinue the use
>of all @L-3Com.com email addresses. To ensure delivery of your messages
>to this recipient, please update your records to use
>[hidden email].
>_______________________________________________
>sqlite-users mailing list
>[hidden email]
>http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Vetting SQLite

Jens Alfke-2
In reply to this post by Drago, William @ CSG - NARDA-MITEQ-2


> On Feb 5, 2018, at 9:21 AM, Drago, William @ CSG - NARDA-MITEQ <[hidden email]> wrote:
>
> The reliable part is easy because there is enough information on the SQLite website about testing, but what about security?

Open source software is more secure than closed source, since the source code can be reviewed and audited. (In the security field, closed-source cryptographic software isn’t even taken seriously since it’s not possible to verify its claims, just as scientific results need peer review and independent confirmation.)

>  How can I convince the auditors that SQLite is not stealing corporate secrets and spreading viruses?

You can very easily prove that SQLite contains no networking code, so it’s incapable of accessing any network. Just search through sqlite3.c looking for the names of the system calls needed to open a socket; they don’t appear. Or more rigorously, use a (platform-specific) tool to dump the list of external functions called by the compiled SQLite library.

It should also be fairly easy to look through the code to prove that SQLite doesn’t open any files other than the ones specifically requested by the caller (plus the -wal and -shm side files) so it can’t be stealing data or writing viruses into system software.

I don’t know if this will convince your IT management though, because if they’re against open source they must be remarkably backward...

—Jens
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Vetting SQLite

Simon Slavin-3
In reply to this post by Drago, William @ CSG - NARDA-MITEQ-2
On 5 Feb 2018, at 5:21pm, Drago, William @ CSG - NARDA-MITEQ <[hidden email]> wrote:

> I've been using/loving SQLite for years, but the use of open source software is highly discouraged where I work, and now I have to prove to our IT dept. that SQLite is reliable and secure. The reliable part is easy because there is enough information on the SQLite website about testing, but what about security? How can I convince the auditors that SQLite is not stealing corporate secrets and spreading viruses?

What's "CSG" ?  Chief of Security Group ?

The ideal way would seem to be that you download the source code and compile it yourself.  Which is actually the preferred way to use SQLite in the first place. On the download page download the top item "C source code as an amalgamation".  You get your own copy of the source code to inspect and compile as you wish.  They can spend as long as they want looking for concealed IP addresses and system calls.

> Is there a statement somewhere on the website that guarantees that copies of SQLIte downloaded from SQLite.org and System.Data.Sqlite.org are free of all forms of spyware/malware/viruses/etc?

That's harder.  How does your organisation inspect other pre-compiled libraries ?  Does it have established uniform standards or are you suddenly being asked to make up your own ?

You can download the DLL from the SQLite site, and verify that the checksum is correct.  You can compile the DLL yourself (you may need Joe's help) and check to see it's a byte-for-byte copy.  You can use tools which inspect the DLL and show its dependencies.  You won't find anything in there that has internet access.  That's a pretty good first step since you can't steal information without internet access, and most vulnerability toolkits take their instructions over the internet.

If you have specific questions, post them here.  Or pay my consultancy rate.  Heh.

Simon.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Vetting SQLite

Igor Korot
Hi,


On Mon, Feb 5, 2018 at 11:41 AM, Simon Slavin <[hidden email]> wrote:
> On 5 Feb 2018, at 5:21pm, Drago, William @ CSG - NARDA-MITEQ <[hidden email]> wrote:
>
>> I've been using/loving SQLite for years, but the use of open source software is highly discouraged where I work, and now I have to prove to our IT dept. that SQLite is reliable and secure. The reliable part is easy because there is enough information on the SQLite website about testing, but what about security? How can I convince the auditors that SQLite is not stealing corporate secrets and spreading viruses?

Out of curiosity - does your company do the security scans quarterly
to make sure that the system (whatever is used) and the software you
guys provide are free for all security vulnerabilities?
As an example - here we do the scans quarterly, than check all
findings against RHSA (we use Red Hat Enterprise) and then fix them.
And then do quarterly security releases for the OS and software.

I'm sure Windows have the same Security Vulnerabilities DB where you
can check what should be fixed by the update, which will be done
automatically anyway.
And if you have a source code scanner(s) - you are in luck as you can
just check the code and fix it.

Thank you.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Vetting SQLite

Richard Hipp-3
In reply to this post by Drago, William @ CSG - NARDA-MITEQ-2
On 2/5/18, Drago, William @ CSG - NARDA-MITEQ <[hidden email]> wrote:

> All,
>
> I've been using/loving SQLite for years, but the use of open source software
> is highly discouraged where I work, and now I have to prove to our IT dept.
> that SQLite is reliable and secure. The reliable part is easy because there
> is enough information on the SQLite website about testing, but what about
> security? How can I convince the auditors that SQLite is not stealing
> corporate secrets and spreading viruses?
>
> Is there a statement somewhere on the website that guarantees that copies of
> SQLIte downloaded from SQLite.org and System.Data.Sqlite.org are free of all
> forms of spyware/malware/viruses/etc?

As for SQLite itself, every byte of source code can be traced back to
the specific individual who wrote it.  Most of those bytes are from
just two people.  All contributors are either US or Australian
citizens.  Not only is every line of source code originated from a
fully vetted individual, but we have proof that every line of code is
tested.  There is no opportunity for a virus to slip in.

SQLite is open-source, but it is not open-contribution.  Do not
confuse these two concepts.  Anybody can read and use the SQLite
sources, but very few peopled are allowed to commit changes.  All
committers are personally known to me.  We do not except drive-by
patches.  SQLite does not contain code that has been copy/pasted from
the internet.  All of the code in the SQLite core is purposefully
written specifically for the SQLite core.

SDS is slightly more problematic.  The biggest chunk of that code was
inherited, and we cannot vouch for the provenance of that inherited
code.  On the other hand, we have had total control SDS since 2010,
and nothing has come up during the subsequent 8 years of development
and maintenance.  Since 2011, all check-ins to the SDS source code
have come from just 3 individuals, with all but about 8 check-ins from
a single programmer who is a US citizen and fully vetted and known
personally to me.

--
D. Richard Hipp
[hidden email]
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Vetting SQLite

Bob Friesenhahn
In reply to this post by Jens Alfke-2
On Mon, 5 Feb 2018, Jens Alfke wrote:

> You can very easily prove that SQLite contains no networking code,
> so it’s incapable of accessing any network. Just search through
> sqlite3.c looking for the names of the system calls needed to open a
> socket; they don’t appear. Or more rigorously, use a
> (platform-specific) tool to dump the list of external functions
> called by the compiled SQLite library.

The default configuration of SQLite does have the possibilty of
executing network code since it is able to load external shared
libraries as modules and the modules can contain arbitrary code.

The security of SQLite depends on how it is built, the environment in
which it is used, and the arguments supplied to it.

If arbitrary SQL commands can be sent into SQLite, then good luck and
best wishes regarding security.

Bob
--
Bob Friesenhahn
[hidden email], http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Vetting SQLite

John Found
In reply to this post by Drago, William @ CSG - NARDA-MITEQ-2
On Mon, 5 Feb 2018 17:21:53 +0000
"Drago, William @ CSG - NARDA-MITEQ" <[hidden email]> wrote:

> All,
>
> I've been using/loving SQLite for years, but the use of open source software is highly discouraged where I work, and now I have to prove to our IT dept. that SQLite is reliable and secure. The reliable part is easy because there is enough information on the SQLite website about testing, but what about security? How can I convince the auditors that SQLite is not stealing corporate secrets and spreading viruses?
>

The open code is actually the only code that can be proofed to be secure. The written guarantee is pointless actually because the malware is always introduced in secret. The procedure is following:

1. Download the SQLite code from the official repository.
2. Audit the code in order to proof it does not contains malware/spyware/security flaws.
3. Compile the code and link it against the dependencies proofed to be secure! (this is important!)
4. You have SQLite proven to be secure.

The only problem is p.3, but if your company is so paranoid about security, you already have audited the standard
C libraries.


> Is there a statement somewhere on the website that guarantees that copies of SQLIte downloaded from SQLite.org and System.Data.Sqlite.org are free of all forms of spyware/malware/viruses/etc?
>
> Thanks,
> --
> Bill Drago
> Staff Engineer
> L3 Narda-MITEQ<http://www.nardamiteq.com/>
> 435 Moreland Road
> Hauppauge, NY 11788
> 631-272-5947 / [hidden email]<mailto:[hidden email]>
>
> CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use of the intended recipient and may contain material that is proprietary, confidential, privileged or otherwise legally protected or restricted under applicable government laws. Any review, disclosure, distributing or other use without expressed permission of the sender is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies without reading, printing, or saving..
>
> Beginning April 1, 2018, L3 Technologies, Inc. will discontinue the use of all @L-3Com.com email addresses. To ensure delivery of your messages to this recipient, please update your records to use [hidden email].
> _______________________________________________
> sqlite-users mailing list
> [hidden email]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users


--
http://fresh.flatassembler.net
http://asm32.info
John Found <[hidden email]>
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Vetting SQLite

John Long
In reply to this post by Jens Alfke-2
On Mon, 2018-02-05 at 09:39 -0800, Jens Alfke wrote:
> > On Feb 5, 2018, at 9:21 AM, Drago, William @ CSG - NARDA-MITEQ <Wil
> > [hidden email]> wrote:
> >
> > The reliable part is easy because there is enough information on
> > the SQLite website about testing, but what about security?
>
> Open source software is more secure than closed source, since the
> source code can be reviewed and audited.

It is considered more easy to verify, sure. But there are still some
big questions:

1. How do you know the source you're looking at is what you're running?

2. How do you know the source you're seeing is compiled correctly? Look
at the buglists for common (*cough* gcc *cough*) compilers.

3. How do you know the CPU you are running on is running the code
correctly and that it is secure? Common microprocessor vendors have
hundreds of errata for chips still being sold.

The only way to know what code is doing is to trace it on the target
hardware. We don't need source code for that. And even that could be
misleading if the hardware is broken or deliberately subverted.

>  (In the security field, closed-source cryptographic software isn’t
> even taken seriously since it’s not possible to verify its claims,
> just as scientific results need peer review and independent
> confirmation.)

That is true but perhaps closed-source cryptographic _algorithms_ are
the issue and not source code. And this is just for reference
implementations... you can still verify exactly what you have without
source code. It just takes more effort and personally I believe it's
more reliable.

I don't believe RSA or IBM or any of the other vendors have open
sourced any crypto code. I think what typically happens is when they
come up with a new standard they produce a reference implementation and
then after the contest is over they implement whatever they implement
and everybody just uses it.

> I don’t know if this will convince your IT management though, because
> if they’re against open source they must be remarkably backward...

I don't think that is necessarily so. Many companies want/need to be
able to point fingers when something goes wrong. And they need to get
their systems working ASAP. The vast majority of open source projects
have no accountability, they're free as in beer and as long as it works
for the guys spending their time writing it they're done. Companies
(especially publicly owned and traded companies) really can not rely on
freebies and goodwill if they want to stay in business and keep their
executives out of jail. Open source quality is atrocious. Sure, a lot
of closed source quality is atrocious too. Free stuff should be
expected to be worth price paid and most of the time it is not even
that.

sqlite (and fossil!) are wonderful, wonderful projects. But there is a
sea of unsupported garbage out there and nobody who wants to keep their
job can feel safe wading through that. There is also the issue of viral
contamination of GPL, etc.

I think Dr. Hipp did everything right but even so, he is in the tiny
minority.

/jl



_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Vetting SQLite

Drago, William @ CSG - NARDA-MITEQ-2
In reply to this post by Richard Hipp-3
To all that replied, thank you. Open source, not open contribution is a plus, so is the wide deployment and well known users (Airbus). There were many other good ideas mentioned like examining the source for network calls, etc. All of this will help me build a case in favor of SQLite.

No one here is denying the utility and value of open source software. Our IT dept. is following corporate mandates designed to protect our networks from various threats. It is understandable.

Most of the software we use here, Microsoft and other well-known and paid-for products, are validated by corporate before deployment, and there are regular scans and updates. When everyone else in the company is using Microsoft SQL Server Express and I'm using SQLite instead it raises eyebrows. The last thing we need is some rouge engineer (could be me) breaking all our centrifuges with "freeware from the internet" when he should have used approved software instead. I know SQLite is safe and secure, but the auditors only know what is on their lists.

Thanks again for all of your suggestions. I am a regular reader of this group because I learn so much.

--
Bill Drago
Staff Engineer
L3 Narda-MITEQ
435 Moreland Road
Hauppauge, NY 11788
631-272-5947 / [hidden email]
CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use of the intended recipient and may contain material that is proprietary, confidential, privileged or otherwise legally protected or restricted under applicable government laws. Any review, disclosure, distributing or other use without expressed permission of the sender is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies without reading, printing, or saving..

Beginning April 1, 2018, L3 Technologies, Inc. will discontinue the use of all @L-3Com.com email addresses. To ensure delivery of your messages to this recipient, please update your records to use [hidden email].
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Vetting SQLite

Richard Hipp-3
On 2/5/18, Drago, William @ CSG - NARDA-MITEQ <[hidden email]> wrote:
>
> Most of the software we use here, Microsoft and other well-known and
> paid-for products,

You know that every copy of Windows comes with SQLite preinstalled,
right?  C:\Windows\System32\winsqlite3.dll
--
D. Richard Hipp
[hidden email]
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Vetting SQLite

Simon Slavin-3
On 5 Feb 2018, at 11:02pm, Richard Hipp <[hidden email]> wrote:

> On 2/5/18, Drago, William @ CSG - NARDA-MITEQ <[hidden email]> wrote:
>>
>> Most of the software we use here, Microsoft and other well-known and
>> paid-for products,
>
> You know that every copy of Windows comes with SQLite preinstalled,
> right?  C:\Windows\System32\winsqlite3.dll

And SQLite is used internally in several parts of Microsoft Office.  For example, Outlook's database in Mac Office 365 is a SQLite database[1].  So if corporate have okayed the use of Office they've okayed a use (though arguably not general use) of SQLite.

Microsoft's own .NET library is Microsoft.Data.SQLite but not all of Microsoft's own tools use it since it is part of a long dependency chain which makes compiled apps rather large.

Simon.

Cite:
[1] <https://blogs.technet.microsoft.com/office_for_mac_support_team_blog/2015/01/07/outlook-for-mac-for-office-365-database/>
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Vetting SQLite

Stephen Chrzanowski
In reply to this post by Richard Hipp-3
I was surprised to see that statement, so, checking my system, this isn't
true.  Win7Pro-x64.  Not with that filename anyways.  Searching my system
with the "Everything" tool, [ *sqlite3.exe ] comes up with DLLs that I've
touched only.  The DLL's I've dumped into the Windows directories exist in
c:\Windows\SysWOW64 only because c:\Windows\System32 is redirected there.
On my system, there is only one sqlite3.dll with a timestamp of Aug 11,
2016, and is version 3.14.1.0 according to the Details tab.


On Mon, Feb 5, 2018 at 6:02 PM, Richard Hipp <[hidden email]> wrote:

> On 2/5/18, Drago, William @ CSG - NARDA-MITEQ <[hidden email]>
> wrote:
> >
> > Most of the software we use here, Microsoft and other well-known and
> > paid-for products,
>
> You know that every copy of Windows comes with SQLite preinstalled,
> right?  C:\Windows\System32\winsqlite3.dll
> --
> D. Richard Hipp
> [hidden email]
> _______________________________________________
> sqlite-users mailing list
> [hidden email]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Vetting SQLite

J. King-3
I believe it's only since Windows 8.

On February 5, 2018 7:51:39 PM EST, Stephen Chrzanowski <[hidden email]> wrote:

>I was surprised to see that statement, so, checking my system, this
>isn't
>true.  Win7Pro-x64.  Not with that filename anyways.  Searching my
>system
>with the "Everything" tool, [ *sqlite3.exe ] comes up with DLLs that
>I've
>touched only.  The DLL's I've dumped into the Windows directories exist
>in
>c:\Windows\SysWOW64 only because c:\Windows\System32 is redirected
>there.
>On my system, there is only one sqlite3.dll with a timestamp of Aug 11,
>2016, and is version 3.14.1.0 according to the Details tab.
>
>
>On Mon, Feb 5, 2018 at 6:02 PM, Richard Hipp <[hidden email]> wrote:
>
>> On 2/5/18, Drago, William @ CSG - NARDA-MITEQ <[hidden email]>
>> wrote:
>> >
>> > Most of the software we use here, Microsoft and other well-known
>and
>> > paid-for products,
>>
>> You know that every copy of Windows comes with SQLite preinstalled,
>> right?  C:\Windows\System32\winsqlite3.dll
>> --
>> D. Richard Hipp
>> [hidden email]
>> _______________________________________________
>> sqlite-users mailing list
>> [hidden email]
>> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>>
>_______________________________________________
>sqlite-users mailing list
>[hidden email]
>http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Vetting SQLite

Richard Hipp-3
In reply to this post by Stephen Chrzanowski
On 2/5/18, Stephen Chrzanowski <[hidden email]> wrote:
> I was surprised to see that statement, so, checking my system, this isn't
> true.  Win7Pro-x64.

It's on Windows10.
--
D. Richard Hipp
[hidden email]
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Vetting SQLite

Simon Slavin-3
In reply to this post by J. King-3
On 6 Feb 2018, at 12:56am, J. King <[hidden email]> wrote:

> I believe it's only since Windows 8.

Seems likely.  SQLite has been part of the Windows SDK since Windows 10 Anniversary Update [1], some time around August 2016.  I find it plausible that SQLite was in Windows 8 but not in Windows 7.

By the way, the Sticky Notes App included with Windows 10 keeps its data in a SQLite database.

Simon.

Cite:
[1] <https://blogs.windows.com/buildingapps/2017/02/06/using-sqlite-databases-uwp-apps/>
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Vetting SQLite

J Decker
In reply to this post by Richard Hipp-3
On Mon, Feb 5, 2018 at 5:04 PM, Richard Hipp <[hidden email]> wrote:

> On 2/5/18, Stephen Chrzanowski <[hidden email]> wrote:
> > I was surprised to see that statement, so, checking my system, this isn't
> > true.  Win7Pro-x64.
>
> It's on Windows10.
>

M:\>dir c:\windows\SysWOW64\*sqlite*
 Volume in drive C is OS
 Volume Serial Number is F27E-3A0D

 Directory of c:\windows\SysWOW64

09/29/2017  05:42 AM           592,384 winsqlite3.dll



Version 3.19.3


> --
> D. Richard Hipp
> [hidden email]
> _______________________________________________
> sqlite-users mailing list
> [hidden email]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Vetting SQLite

Olivier Mascia
In reply to this post by Simon Slavin-3
> Le 6 févr. 2018 à 00:30, Simon Slavin <[hidden email]> a écrit :
>
>> You know that every copy of Windows comes with SQLite preinstalled,
>> right?  C:\Windows\System32\winsqlite3.dll
>
> And SQLite is used internally in several parts of Microsoft Office.  For example, Outlook's database in Mac Office 365 is a SQLite database[1].

Visual Studio 2017 (it started with Visual Studio 2015 and was an opt-in with the next before release) uses it too. Have a look in the (hidden-attributed) folder .vs where you have .sln files...

--
Best Regards, Meilleures salutations, Met vriendelijke groeten,
Olivier Mascia


_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users