db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bryan Pendleton (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2925) Prevent export from overwriting existing files
Date Fri, 20 Jul 2007 22:20:06 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12514355
] 

Bryan Pendleton commented on DERBY-2925:
----------------------------------------

I'm comfortable with the general technique; I think it is acceptable for the *EXPORT* family
of procedures to refuse to overwrite existing files.

A couple comments on the v1 diff:

1) The "IJ" tests don't seem quite right to me: the tests refer to table DERBY_2925_BOOK but
it looks like the actual test table is called derby_2925_lob? Some of the tests seem to be
getting table-not-found errors.

2) I think we should put some effort into making the two messages as clear as possible, both
to make it as clear as possible that this is intentional behavior (and not a bug), and to
help people understand what they should do when this happens. For example, we don't want people
to waste time thinking that there is a file permissions problem here, and trying to re-run
the export after fiddling with file permissions.

Here is a proposed suggestion for the text for the two messages:

+	    <msg>
+                <name>XIE0S.S</name>
+		<text>The export operation was not performed, because the specified output file ({0})
already exists. Export processing will not overwrite an existing file, even if the process
has permissions to write to that file, due to security concerns, and to avoid accidental file
damage. Please either change the output file name in the export procedure arguments to specify
a file which does not exist, or delete the existing file, then retry the export operation.</text>
+                <arg>fileName</arg>
+            </msg>
 
+	    <msg>
+                <name>XIE0T.S</name>
+		<text>The export operation was not performed, because the specified large object
auxiliary file ({0}) already exists. Export processing will not overwrite an existing file,
even if the process has permissions to write to that file, due to security concerns, and to
avoid accidental file damage. Please either change the large object auxiliary file name in
the export procedure arguments to specify a file which does not exist, or delete the existing
file, then retry the export operation.</text>
+                <arg>fileName</arg>
+            </msg>



> Prevent export from overwriting existing files
> ----------------------------------------------
>
>                 Key: DERBY-2925
>                 URL: https://issues.apache.org/jira/browse/DERBY-2925
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Security, Tools
>    Affects Versions: 10.1.2.1, 10.2.2.0, 10.3.1.3, 10.4.0.0
>            Reporter: Kathey Marsden
>            Assignee: Ramin Moazeni
>         Attachments: DERBY-2925v0.diff, DERBY-2925v0.stat, DERBY-2925v1.diff, DERBY-2925v1.stat
>
>
> Export should not overwrite existing files, but rather insist that the user remove them
before writing to the file.  This will help prevent accidental or intentional corruption of
the database with export.  This may introduce a compatibility issue with export but because
export is usually an attended utility and not typically invoked as part of an application,
I think the risk is worth the additional security this will provide.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message