Tranquil IT Forum

Contact us
at https://forum.tranquil.it/

[RESOLVED] Package contents in plain text in the waptdb.sqlite file

https://forum.tranquil.it/viewtopic.php?t=3423

Page 1 of 1

[RESOLVED] Package contents in plain text in the waptdb.sqlite file

Published: March 29, 2023 - 4:33 PM
by GF68
Good morning,

I just noticed this morning that the contents of the local database file waptdb.sqlite is clear.

Full file path:

Code: Select all

C:\Program Files (x86)\wapt\db
The entire contents of the packages executed on the machine can be read in plain text.

The problem is that the file can be read by all users.

Is this normal, or have I misconfigured my installation?

Sincerely,

Guillaume

Re: Package contents in plain text in the waptdb.sqlite file

Published: March 29, 2023 - 4:57 PM
by sfonteneau
This is perfectly normal; our documentation explains it clearly:


https://www.wapt.fr/fr/doc/wapt-create- ... pt-package

Since session-setup needs it to execute the code located in that same database,

if you need to store sensitive information in a package, you must follow the example in the documentation.

Re: Package contents in plain text in the waptdb.sqlite file

Published: March 30, 2023 - 08:36
by GF68
Thank you for your reply!

I completely missed that part of the documentation.

Out of curiosity, why wasn't the file encrypted?

Re: [Resolved] Package contents in plain text in the waptdb.sqlite file

Published: March 30, 2023 - 2:36 PM
by dcardon
Hi Guillaume,

the `def session-setup()` function must be readable by the user when the session is opened, so it must be readable in a standard user context.

Regards,

Denis

Re: [SOLVED] Package contents in plain text in the waptdb.sqlite file

Published: March 31, 2023 - 11:03
by GF68
Hello,

Okay, I understand the logic better now.

Thank you for your reply.
Time zone set to UTC+02:00
Page 1 of 1

Developed by phpBB® Forum Software © phpBB Limited

Official French translation © Qiaeru