Closing databases on logout


I’m running with

  • CouchbaseLite Android 1.4.0
  • SyncGateway 1.3.1
  • Couchbase Server 4.5.1

My application is using a login/logout system. When the user logs in, the database is opened and decrypted. But the device might be shared by many users and I want to be sure that in case the user logs out or leave the application, the data aren’t reachable.

For this to be achieved, do I have to close my databases (by calling database.close() ) whenever the user logs out or kill the application? I mean, what could happen if database.close() is not called? Would it mean that the data are still decrypted?

What I’m doing actually:
To be sure that all databases would be closed before a new user logs in, I displayed a loading dialog once a user has log out while my application is closing the databases: but the closing of these databases might take several minutes in case the Sync Gateway is not reachable (no WiFi for example) (because it first try to close all replications, which make sense).

So that’s why I’m asking myself if this could be a security leak to not closing these databases or if their is a better way of cleaning every connections to local and remote databases.

Thank’s for your time.

The database is never stored decrypted on disk, even without a call to close. Pages of the database are read into memory on demand and decrypted. The results will stay in memory and when written back to disk they are encrypted again.

So if I understand well, no need to close the database while logging out (in a security point of view)? And in term of resources management, is it good practice to close databases when the user leaves the app or not?

It can help tidy things up on disk to close the database but if you don’t its not the end of the world.