This file is indexed.

/usr/share/help/C/programming-guidelines/databases.page is in gnome-devel-docs 3.18.1-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
<page xmlns="http://projectmallard.org/1.0/"
      xmlns:its="http://www.w3.org/2005/11/its"
      xmlns:xi="http://www.w3.org/2003/XInclude"
      type="topic"
      id="databases">

  <info>
    <link type="guide" xref="index#specific-how-tos"/>

    <credit type="author copyright">
      <name>Philip Withnall</name>
      <email its:translate="no">philip.withnall@collabora.co.uk</email>
      <years>2015</years>
    </credit>

    <include href="cc-by-sa-3-0.xml" xmlns="http://www.w3.org/2001/XInclude"/>

    <desc>Simple persistent object stores</desc>
  </info>

  <title>Databases</title>

  <synopsis>
    <title>Summary</title>

    <list>
      <item><p>
        Use databases for appropriate use cases: not configuration data (use
        GSettings). (<link xref="#when-to-use-databases"/>)
      </p></item>
      <item><p>
        Choose between GOM and GVDB based on whether indexing is required.
        (<link xref="#when-to-use-databases"/>)
      </p></item>
      <item><p>
        Consider your vacuuming policy before committing to using GOM.
        (<link xref="#when-to-use-databases"/>)
      </p></item>
      <item><p>
        Avoid SQL injection vulnerabilities by using prepared statements.
        (<link xref="#sql-injection"/>)
      </p></item>
    </list>
  </synopsis>

  <section id="when-to-use-databases">
    <title>When to Use Databases</title>

    <p>
      Configuration data should be stored in
      <link href="https://developer.gnome.org/gio/stable/GSettings.html">GSettings</link>.
      As a rule of thumb, if some data needs to be persistent and affects how an
      application behaves, it is configuration data. If it could potentially be
      subject to policies imposed by the system administrator (such as proxy or
      lockdown settings), it is configuration data. If it contains user created
      content, it is not configuration data, and should not be stored in
      GSettings.
    </p>

    <p>
      For such situations where user data is highly structured, storing it in a
      database is sensible. There are two main databases suggested for use
      within GNOME: GOM and GVDB. GOM is a wrapper around SQLite, and hence
      implements indexing of fields and SQL-style queries. GVDB is a much
      simpler object store, supporting fast serialization of a dictionary of
      objects to disk.
    </p>

    <p>
      GOM should be used if you need advanced features, especially indexing.
      GVDB should be used otherwise.
    </p>

    <p>
      Before deciding to use GOM (and hence SQLite), you must consider a
      vacuuming policy for the database, and whether your use case will interact
      well with SQLite’s vacuuming system. Vacuuming is effectively SQLite’s
      term for defragmenting the database — if a database is not vacuumed
      appropriately, performance will degrade and the database size will
      increase indefinitely. Read
      <link href="http://blogs.gnome.org/jnelson/2015/01/06/sqlite-vacuum-and-auto_vacuum/">this
      article</link> on vacuuming for more information; please consider it
      before choosing to use GOM.
    </p>
  </section>

  <section id="gom">
    <title>Using GOM</title>

    <p>
      Providing a GOM tutorial is beyond the scope of this document, but a
      <link href="https://developer.gnome.org/gom/0.2/">reference manual is
      available</link>.
    </p>

    <comment>
      <p>
        FIXME: Update this link to https://developer.gnome.org/gom/stable/ once
        it’s available.
      </p>
    </comment>

    <section id="sql-injection">
      <title>SQL Injection</title>

      <p>
        GOM does allow access to the lower level SQLite query APIs. When using
        them, queries <em style="strong">must</em> be constructed using
        SQLite’s <link href="https://www.sqlite.org/c3ref/stmt.html">prepared
        statement</link> and
        <link href="https://www.sqlite.org/c3ref/bind_blob.html">value
        binding</link> API, rather than by constructing SQL strings then passing
        them to SQLite to parse. Constructing strings makes
        <link href="http://en.wikipedia.org/wiki/SQL_injection">SQL
        injection</link> vulnerabilities very likely, which can give attackers
        access to arbitrary user data from the database.
      </p>
    </section>
  </section>

  <section id="gvdb">
    <title>Using GVDB</title>

    <p>
      GVDB has a simple API which mirrors a conventional hash table. Presently,
      GVDB is only available as a copy-and-paste library; fetch the most recent
      copy of the code from
      <link href="https://git.gnome.org/browse/gvdb">GVDB git</link> and copy
      it into your project. It is licenced under LGPLv2.1+.
    </p>

    <p>
      A full GVDB tutorial is beyond the scope of this document.
    </p>
  </section>
</page>