Devon think security

Recently i uploaded my devon think data bases to an online storage website. One of the databases was pasword encrypted. When i went online i found that i was freely able to see the secured files online. By this i mean the files inside the password locked database were easily viewable within the cloud. Is there a way to beef up the security system on devonthink, so that a simple storage cloud would not be able to read my files?

You could use an encrypted sparse bundle and place your database into that bundle. Mount it and open the database with DT. That way, all content of your datase is encrypted.

You can create such a bundle with Disk Utility, and then copy your database into it. Give it enough maximum size and make it growing. Depending on your connection speed you might want to create the sparse bundle on your desktop and then upload it, or create it directly in the online storage.

What does “easily viewable within the cloud” mean? Most cloud servers apply their own encryption as well. Do you want the files to be encrypted so that someone with physical access to your computer still needs a password to read them? Or do you simply want them to be secure against random hackers who might get access to the cloud server?


I’ve done this and it works generally but if you count on Time Machine for backups, I’ve had trouble recovering from a TC. The encryption is OK and password still opens the recovered dmg, but the docs inside don’t have the proper database indexing and DevonThink seems to lose reference and can’t display them.

Have you tested this? - maybe it’s something I’m doing


Maybe the problem with Time Machine are its automated backups. I learned that DT doesn’t like to have its database backed up while it’s running, so this might be the cause of the problem.

Did you back up the whole DT database package? If so, does a “Tools” -> “restore from backup” help?

I use a program called Carbon Copy Cloner. It can be configured to run when ever the backup volume is mounted, which I do manually after closing DTP.

BTW, I’m wondering what TC might be? Technical catastrophe? Total crash? Tropical cyclone? :wink:

I have just discovered that one can access the files within a password protected DevonThink databe simply by right-clicking the mouse and choosing Show Package Contents. I consider this as a sever security issue. DEVONtechnologies should at least make its DevonThink customers aware of this security failure. Better, they should tackle this problem as soon as possible!

Yes, DEVONthink Pro and Pro Office use OS X package files for databases. And the folder Files.noindex within the package file holds document files. That in itself is not a security issue. Your issue should be, instead, the security of the server.

If you wish to run a DEVONthink Pro or Pro Office database on a local server, and wish to have high-level security, a sound approach is to store the database file within an encrypted (256 bit) sparse disk image. But don’t forget the password. :slight_smile:

I recommend against storing database files on online servers such as Dropbox, because package files may not be properly handled (especially large ones) and might be damaged. Indeed, if one actually opens the database in that setting, damage is probable.

Hi. And, just to clarify, because we may have drifted away from the OP’s issue with the cloud that they had many moons ago, you can now sync securely through Dropbox by using the sync to a remote location feature. … aa3dd.html

If you stick your database in the cloud directly, that is a different story, and is not recommended.