-
Victor Costan authored
Chrome's SQLite currently uses permissive (0644) POSIX access controls for newly created databases, and //sql offers a method for opting into restrictive (0600) permissions. This method is only used by the login database. However, all Chrome databases are likely to have private data. For example, the cookies database may contain long-lived OAuth tokens, and can be just as valuable as the login database. The same argument applies for the DOMStorage database. This CL configures SQLite to use restrictive permissions by default, and removes the method for opting into the restrictive permissions. Change-Id: I5f0ce9e7f038081fad515cfc30c45ccccf7ff1b6 Reviewed-on: https://chromium-review.googlesource.com/1146295Reviewed-by:
Vaclav Brozek <vabr@chromium.org> Reviewed-by:
Chris Mumford <cmumford@chromium.org> Reviewed-by:
Robert Sesek <rsesek@chromium.org> Commit-Queue: Victor Costan <pwnall@chromium.org> Cr-Commit-Position: refs/heads/master@{#577476}
ce678e79
