db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Created: (DERBY-2409) Connecting to an already booted database with (re)encryption attributes gives no error or warning
Date Tue, 06 Mar 2007 20:24:24 GMT
Connecting to an already booted database with (re)encryption attributes gives no error or warning
-------------------------------------------------------------------------------------------------

                 Key: DERBY-2409
                 URL: https://issues.apache.org/jira/browse/DERBY-2409
             Project: Derby
          Issue Type: Bug
    Affects Versions: 10.2.2.0, 10.2.1.6, 10.1.3.1, 10.1.2.1, 10.1.1.0, 10.0.2.1, 10.0.2.0,
10.0.2.2, 10.1.3.2, 10.1.4.0, 10.2.2.1, 10.2.3.0, 10.3.0.0
            Reporter: Dag H. Wanvik
            Priority: Minor


If a database is shutdown and booted with (re)encryption,
the (re)encryption boot will silently fail (i.e. no (re)encryption takes place), if another
connection has booted the database in the meantime.

Presumably, if the database was encrypted at creation time, only the dba will
have the bootpassword and the above scenario is less likely.

If it was created unencrypted, is is more of a hole, IMHO: Any other connection 
can then foil the encryption boot, even one which can not be authenticated,
cf DERBY-2407. To further exacerbate this issue; when the database is shutdown
and rebooted, using the boot password supplied (and the database was not encrypted),
no  error is given, since a boot password is not required. This can lull a dba
into thinking the encryption took place! :( 

We may want to generate a warning or an error in these cases.

This issue may affect upgrade boots as well?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message