Return-Path:
X-Original-To: apmail-db-derby-commits-archive@www.apache.org
Delivered-To: apmail-db-derby-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
by minotaur.apache.org (Postfix) with SMTP id 17C9ED3C5
for ;
Wed, 17 Oct 2012 20:31:55 +0000 (UTC)
Received: (qmail 47753 invoked by uid 500); 17 Oct 2012 20:31:55 -0000
Delivered-To: apmail-db-derby-commits-archive@db.apache.org
Received: (qmail 47710 invoked by uid 500); 17 Oct 2012 20:31:55 -0000
Mailing-List: contact derby-commits-help@db.apache.org; run by ezmlm
Precedence: bulk
list-help:
list-unsubscribe:
List-Post:
Reply-To: "Derby Development"
List-Id:
Delivered-To: mailing list derby-commits@db.apache.org
Received: (qmail 47702 invoked by uid 99); 17 Oct 2012 20:31:54 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 17 Oct 2012 20:31:54 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 17 Oct 2012 20:31:52 +0000
Received: from eris.apache.org (localhost [127.0.0.1])
by eris.apache.org (Postfix) with ESMTP id AD9A323889E7;
Wed, 17 Oct 2012 20:31:09 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1399419 - in /db/derby/docs/trunk/src:
devguide/cdevcsecuredecryptdb.dita devguide/derbydev.ditamap
ref/refderby.ditamap ref/rrefattrib15290.dita ref/rrefattribdecryptdb.dita
Date: Wed, 17 Oct 2012 20:31:09 -0000
To: derby-commits@db.apache.org
From: chaase3@apache.org
X-Mailer: svnmailer-1.0.8-patched
Message-Id: <20121017203109.AD9A323889E7@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org
Author: chaase3
Date: Wed Oct 17 20:31:08 2012
New Revision: 1399419
URL: http://svn.apache.org/viewvc?rev=1399419&view=rev
Log:
DERBY-5939 Document URL attribute for database decryption
Added 1 Developer's Guide and 1 Reference Manual topic, modified the map files,
and added a sentence to another Reference Manual topic.
Patch: DERBY-5939.diff
Added:
db/derby/docs/trunk/src/devguide/cdevcsecuredecryptdb.dita (with props)
db/derby/docs/trunk/src/ref/rrefattribdecryptdb.dita (with props)
Modified:
db/derby/docs/trunk/src/devguide/derbydev.ditamap
db/derby/docs/trunk/src/ref/refderby.ditamap
db/derby/docs/trunk/src/ref/rrefattrib15290.dita
Added: db/derby/docs/trunk/src/devguide/cdevcsecuredecryptdb.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecuredecryptdb.dita?rev=1399419&view=auto
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecuredecryptdb.dita (added)
+++ db/derby/docs/trunk/src/devguide/cdevcsecuredecryptdb.dita Wed Oct 17 20:31:08 2012
@@ -0,0 +1,58 @@
+
+
+
+
+Decrypting an encrypted database
+You can return an encrypted database to an unencrypted state by
+specifying attributes on the connection URL.
+
+encrypted databasesdecrypting
+
+
+
+To decrypt an encrypted database, specify the decryptDatabase=true
+attribute in conjunction with either the bootPassword=key attribute or
+the encryptionKey=key attribute.
+See the for details on the
+connection URL attributes.
+Ensure
+that you have enough free disk space before you decrypt a database. In addition
+to the disk space required for the unencrypted size of the database, temporary
+disk space is required to store the encrypted version of the data to restore the
+database to its encrypted state if the decryption is interrupted or returns
+errors. All of the temporary disk space is released back to the operating
+system after the database is decrypted.
+You must shut down the database before you decrypt it. An attempt to decrypt
+a booted database has no effect.
+If the database is configured with log archival, you must disable log
+archival in addition to shutting down the database before you can decrypt the
+database. You should also create a new backup of the database before you decrypt
+it, and create another after you decrypt it. For more information, see the
+section "Backing up and restoring databases" in the
+, particularly "Roll-forward
+recovery".
+If any global transactions are in the prepared state after recovery, the
+database cannot be decrypted.
+If authentication
+and SQL authorization
+are both enabled, the credentials of the
+database owner
+must be supplied as well, since decryption is a restricted operation.
+
+
Propchange: db/derby/docs/trunk/src/devguide/cdevcsecuredecryptdb.dita
------------------------------------------------------------------------------
svn:eol-style = native
Modified: db/derby/docs/trunk/src/devguide/derbydev.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/derbydev.ditamap?rev=1399419&r1=1399418&r2=1399419&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/derbydev.ditamap (original)
+++ db/derby/docs/trunk/src/devguide/derbydev.ditamap Wed Oct 17 20:31:08 2012
@@ -1380,12 +1380,14 @@ limitations under the License.
-
-
+
+
+
+
@@ -1398,11 +1400,13 @@ limitations under the License.
+
+
-
+
@@ -1478,6 +1482,16 @@ limitations under the License.
+
+
+
+
+
+
+
+
+
+
@@ -2058,6 +2072,8 @@ with updatable result sets">
+
+
Modified: db/derby/docs/trunk/src/ref/refderby.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/refderby.ditamap?rev=1399419&r1=1399418&r2=1399419&view=diff
==============================================================================
--- db/derby/docs/trunk/src/ref/refderby.ditamap (original)
+++ db/derby/docs/trunk/src/ref/refderby.ditamap Wed Oct 17 20:31:08 2012
@@ -1126,6 +1126,8 @@ URL syntax">
+
+
Modified: db/derby/docs/trunk/src/ref/rrefattrib15290.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefattrib15290.dita?rev=1399419&r1=1399418&r2=1399419&view=diff
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefattrib15290.dita (original)
+++ db/derby/docs/trunk/src/ref/rrefattrib15290.dita Wed Oct 17 20:31:08 2012
@@ -30,7 +30,12 @@ data encryption<
FunctionSpecifies data encryption on disk for a
new database or to configure an existing unencrypted database for encryption.
For information about data encryption, see "Encrypting databases on disk"
-in the .
+in the .
+After you encrypt a database, you can return it to the unencrypted
+state by specifying the
+decryptDatabase=true
+attribute.
+
Combining with other attributes
The dataEncryption=true attribute must be combined with either the
bootPassword=key
Added: db/derby/docs/trunk/src/ref/rrefattribdecryptdb.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefattribdecryptdb.dita?rev=1399419&view=auto
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefattribdecryptdb.dita (added)
+++ db/derby/docs/trunk/src/ref/rrefattribdecryptdb.dita Wed Oct 17 20:31:08 2012
@@ -0,0 +1,63 @@
+
+
+
+
+
+decryptDatabase=true attribute
+
+decryptDatabase=true attribute
+encrypting databasesdatabase decryption
+databasesattributes, data decryption
+attributesdecryptDatabase
+
+
+
+Function
+Returns an encrypted database to an unencrypted state. For information about
+data encryption, see "Encrypting databases on disk" in the
+.
+You must shut down the database before you decrypt it. An attempt to decrypt
+a booted database has no effect.
+Specifying this attribute for an unencrypted database has no effect.
+
+Combining with other attributes
+The decryptDatabase=true attribute must be combined with either the
+bootPassword=key
+attribute or the
+encryptionKey=key
+attribute.
+
+For an existing, encrypted database for which authentication and SQL
+authorization are both enabled, only the
+database owner can
+perform decryption. See also "Enabling user authentication" and
+"Setting the SQL standard authorization mode" in the
+ for more information.
+
+Examples
+-- decrypt a database
+jdbc:derby:encryptedDB;decryptDatabase=true;bootPassword=cLo4u922sc23aPe
+-- decrypt a database with authentication and SQL authorization enabled
+jdbc:derby:salesdb;decryptDatabase=true;user=user1;password=mypass;
+ bootPassword=cLo4u922sc23aPe
+
+
+
+
+
Propchange: db/derby/docs/trunk/src/ref/rrefattribdecryptdb.dita
------------------------------------------------------------------------------
svn:eol-style = native