db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Suresh Thalamati (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-1373) Encrypted databases cannot be booted using the jar subprotocol (and possibly also using http/https/classpath)
Date Wed, 19 Jul 2006 21:53:16 GMT
    [ http://issues.apache.org/jira/browse/DERBY-1373?page=comments#action_12422263 ] 
            
Suresh Thalamati commented on DERBY-1373:
-----------------------------------------

I reviewed the patch , it looks good.  Thanks for adding  the test to test  the encryption
with jar and classpath protocols.   While reviewing the test I  noticed  it  is not running
under  security manager. 

+# Test fails with security manager because it uses some functions in 
+# org/apache/derbyTesting/functionTests/tests/lang/dbjarUtil.java for
+# creating archive and these methods do not use a privileged block
+# to read the properties etc.  
+noSecurityManager=true

It would be good if  this test can run under the security manager.   I also thing some methods
in the dbjarUtil.java would require privilegded blocks because the methods in them are called
indirectly through the java procedures using the derby  engine.    I think recently  some
one  addded  framework  that allows to specify test specific permissions., incase if this
test  needs any special permissions.  if  you don't have time to address  this issue now,
could you please file a JIRA entry.

I am running  derbyall ,  so far i have not seen any failures .  I  will commit the patch,
 if  all the tests pass. 
  
Thanks
-suresh




> Encrypted databases cannot be booted using the jar subprotocol (and possibly also using
http/https/classpath)
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1373
>                 URL: http://issues.apache.org/jira/browse/DERBY-1373
>             Project: Derby
>          Issue Type: Bug
>          Components: Store
>    Affects Versions: 10.1.2.4
>         Environment: Environment does not matter.
>            Reporter: Mathias Herberts
>         Assigned To: Mathias Herberts
>             Fix For: 10.2.0.0
>
>         Attachments: derby1373.diff.txt, derby1373.stat.txt, encryptedJar.patch, InputStreamFile.java-patch,
InputStreamRandomAccessFile.java
>
>
> An encrypted database cannot be booted when using the jar subprotocol.
> The problem lies in the method run from JCECipherFactory. The call to getRandomAccessFile
returns null when the verifyKeyFile is an instance of InputStreamFile and the key verification
therefore fails.
> The implementation of getRandomAccessFile for InputStreamFile states that its code cannot
be reached which is untrue.
> The provided patch does two things, it provides a new class InputStreamRandomAccessFile
in package org.apache.derby.impl.io. This class provides simple implementations of readInt
and readFully so the key verification process succeeds. A quick scan of the derby source tree
showed no problem or possible impact of this simple implementation.
> The second thing the patch does is to modify org/apache/derby/impl/io/InputStreamFile.java
so the getRandomAccessFile creates an instance of InputStreamRandomAccessFile instead of returning
null.
> This patch has been tested against trunk 410361. It solves the problem at least under
the jar subprotocol.
> The patch has not been tested against http/https/classpath.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message