I have deleted a couple of my Visa bills from DevonThink database because the bills contain my visa card number and since DT does not allow (at this time) to encrypt a folder or a group of files, I felt it was just safer to remove them. I can still download the bills later from my bank online account.
So I deleted the files but a spotlight search for my credit card number reveals that the files are still present under user/library/caches/metadata/devonthink pro 2/ subfolders.
1- is it safe to delete the cache subfolders ?
2- what is the use of the files stored there (their extension is .dtp2)
3- are those files automatically deleted at some point ?
Ok I think I found an answer to my questions on this post
Moderator may want to delete the post (or leave it as it might serve other people). Sorry for posting before going through the older posts !!
As you discovered, if Spotlight indexing is turned on for a database (File > Database Properties), indexing information is provided to Spotlight in those metadata cache files. Those cache files do not contain the actual files, just indexing information. Yes, your credit card number was indexed.
So if you have a database that contains sensitive information, you probably don’t want to provide Spotlight indexing for it.
Can you create a DT Pro/Office database that is very secure? Yes. Store that database in an encrypted disk image, with 128- or 256-bit encryption, which provides industrial strength security. Don’t enable Spotlight indexing while that database is open (which would obviously reduce security). Choose a password to open the encrypted file that cannot easily be guessed or hacked. Your dog’s name, your address or your wife’s birthday are examples of bad passwords, which might be guessed by someone who possesses information about you. Don’t leave that database open when it’s not being used, or copy its contents to another location while it’s open. Finally, don’t forget that password; if you do, you have effectively lost access to that database and its contents.
Last, don’t install one of those convenient utilities that remembers your passwords and credit card numbers without your interaction. Anyone sitting at your computer could access your bank accounts or order expensive stuff online. Concern about the security of that information in a DT database would have been rendered moot.
Do I encrypt my own databases that hold information such as credit card numbers? No. Only two times over many years have improper charges have been made to my cards. A thief stole my wife’s purse and found both the card and the PIN, then made a $300 ATM withdrawal. The bank reimbursed the charge. A department store clerk used my card to make a number of charges. The department store didn’t bill me. I’m insured against any misuse of my credit cards or bank accounts, if I report them timely. The only inconvenience would be a couple of days waiting for a new card.
But there have been times in the past when I’ve had very sensitive governmental information, and I definitely used encryption then.