Deleted chats persist #1983

Closed
opened 2025-11-11 14:58:07 -06:00 by GiteaMirror · 0 comments

Originally created by @cyuzik on GitHub (Sep 4, 2024).

Discussed in https://github.com/open-webui/open-webui/discussions/4990

Originally posted by cyuzik August 28, 2024
I was really interested in the integrated RAG and potential for internal document discussions and summarization capabilities within open-webui.

I'm very concerned that after chats are deleted, they still exist in the docker disk image in all their plain-text glory. This is a serious problem in any business that needs to delete data, especially data that has personally identifiable information within the chats. Anyone wanting to test this for themselves could do the following: ask a model to generate a poem about a fictional word made up of random characters such as "write a poem about 139a95e". Then when it's done, delete the chat. Then open the docker disk image using a tool such as HxD and search for 139a95e, and you'll find the chat plain as day.

I'm not sure what the best way to move forward is. Perhaps there could be some way of overwriting the chat data for the specific chat on the hard drive with random characters, then deleting, but that would require the system to ensure it's overwriting the same sections of the drive.

It appears that open-webui uses SQLite as its backend database. Maybe there are ways of "vacuuming" the database after a chat delete? If not, is there some way of providing a secure delete?
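
The SQLite behaviour the post asks about, as an added example that is not part of the original post or open-webui's code: with `secure_delete` off, a deleted row's bytes stay in the database file, while `PRAGMA secure_delete = ON` or a `VACUUM` after the delete removes them from that file. The `chat` table and its rows are constructed for the demo and are not open-webui's real schema.

```python
import os
import sqlite3
import tempfile

MARKER = b"139a95e"  # the random word used in the post's test


def marker_survives_delete(secure_delete: bool, vacuum: bool) -> bool:
    """Delete one row, then report whether its text is still in the raw DB file."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        # isolation_level=None means autocommit, so VACUUM never runs inside
        # an open transaction (SQLite rejects that).
        conn = sqlite3.connect(path, isolation_level=None)
        # Set the pragma explicitly: the compiled-in default differs between
        # SQLite builds, and the setting applies per connection.
        mode = "ON" if secure_delete else "OFF"
        conn.execute(f"PRAGMA secure_delete = {mode}")
        # Constructed schema and rows for the demo.
        conn.execute("CREATE TABLE chat (id INTEGER PRIMARY KEY, body TEXT)")
        conn.executemany(
            "INSERT INTO chat (id, body) VALUES (?, ?)",
            [(1, "hello"), (2, "write a poem about 139a95e"), (3, "goodbye")],
        )
        # The row is now logically gone; a SELECT can no longer return it.
        conn.execute("DELETE FROM chat WHERE id = 2")
        if vacuum:
            # Rebuilds the file from live rows only, dropping freed space.
            conn.execute("VACUUM")
        conn.close()
        # Same check as the hex-editor search in the post: scan the raw bytes.
        with open(path, "rb") as f:
            return MARKER in f.read()
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("plain delete      :", marker_survives_delete(False, False))
    print("secure_delete = ON:", marker_survives_delete(True, False))
    print("delete + VACUUM   :", marker_survives_delete(False, True))
```

This covers only the live database file; copies left in deleted journal files, filesystem blocks or Docker image layers are outside what SQLite controls.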


Reference: github-starred/open-webui#1983