Cwa-app-android: Usage of sqlite

Created on 30 May 2020 · 3 Comments · Source: corona-warn-app/cwa-app-android

Please describe in great details why you decided to use sqlite.

According to the documentation and the expected data, a simple JSON file can be used.

The CCC demonstrated in very simple steps, that SQLite can be used via SQL Statements to execute code.

Why add this level of possible vulnerability to the software - when there is really no need to use a database?

Please also describe in great details - why a specific version "2.0.x" was chosen by the gradle build files.

question

All 3 comments

Dear @egandro , thanks for all your activity and pointing out potential issues.

Can we kindly ask you to just state your questions without always demanding "great details"? These additions always take away from the well-intended original purpose.

In general: My main statement - if you don't need it - don't use it!

If you use it please explain why.

The vulnerabilities of specific SQLite versions were shown at specific locations: CCC and Black Hat.

If you don't give - details - why you choose a specific version - generic questions of trust appear!

Example: Are there technical reasons for a specific version - or - are there any other interests involved.

Please explain this, as SQLite is well known to be a buggy piece of code.

The team uses Room (and consequently SQLite) for the purpose described here.

As stated in the Readme this also might be subject to change.

If you know about vulnerabilities of the concrete sqlite version used in this project, please let us know!
