{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 走好不送 的问题《Sensitive Data stored in cache.db-wal file?》','https://www.manongdao.com/q-534914.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am facing an issue in an iOS application that uses a UIWebView to render HTML5 code that is part of the application bundle.
This HTML5 code makes ajax requests to our backend which may potentially have sensitive data in them. This is all done over HTTPS and our application never stores the sensitive data. However, when doing security testing for the application, we found that http post requests where being stored in a local SQL Lite database (cache.db) as of iOS 5.
It was easy to manage that, by setting the NSURLCache global object to have zero disk storage, and deleting the file when appropriate.
Now however, it looks like in iOS 6.1 Apple has changed the implementation again, and the data is being stored in cache.db-wal. I have limited knowledge of SQL Lite, but I think this is a file created when SQL Lite is initialized with certain options.
Any suggestions as to a fix?
After further research, it seems that the suggestion by Hot Licks above was correct, by adding the "no-cache, no-store" value to the HTTP response, the HTTP request values where not logged in the SQLite database.
For example, in ASP.Net MVC:
The other files created by SQLite (
-journal,-wal,-shm) are part of the database itself.When you delete the
cache.dbfile, also delete anycache.db-*files.To prevent that data gets inserted in the first place, open the database and create some trigger like this on every table:
(And then check whether the UIWebView blows up when the inserted records don't actually show up …)
You can call
This will clear all the cached url calls from the Cache.db file.