db-derby-dev mailing list archives

From "Ramin Moazeni (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2925) Prevent export from overwriting existing files
Date Fri, 13 Jul 2007 00:23:09 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12512316 ]

Ramin Moazeni commented on DERBY-2925:
--------------------------------------

To reproduce this issue:
ij>  connect 'jdbc:derby:test1;create=true';
ij> create table ex_emp(id int , name char(7) , skills varchar(200), salary decimal(10,2));
ij> insert into ex_emp values(99,'smith','tennis"p,l,ayer"',190.55);
ij> call SYSCS_UTIL.SYSCS_EXPORT_TABLE (null, 'EX_EMP' , '/home/ramin/emp.dat', null, null, null);
[ramin@ramin ~]$ ls -ltr emp.dat
-rw-r--r-- 1 ramin ramin 43 Jul 12 04:57 emp.dat

Calling SYSCS_UTIL.SYSCS_EXPORT_TABLE for a second time:
ij> call SYSCS_UTIL.SYSCS_EXPORT_TABLE (null, 'EX_EMP' , '/home/ramin/emp.dat', null, null, null);
[ramin@ramin ~]$ ls -ltr emp.dat
-rw-r--r-- 1 ramin ramin 43 Jul 12 05:04 emp.dat

As you can see, the problem is reproduced through the ij tool. I have yet to write a
program for this...but I think it is mentioned that this won't be invoked from an application.

> Prevent export from overwriting existing files
> ----------------------------------------------
>
>                 Key: DERBY-2925
>                 URL: https://issues.apache.org/jira/browse/DERBY-2925
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Security, Tools
>    Affects Versions: 10.1.2.1, 10.2.2.0, 10.3.1.3, 10.4.0.0
>            Reporter: Kathey Marsden
>            Assignee: Ramin Moazeni
>
> Export should not overwrite existing files, but rather insist that the user remove them
> before writing to the file.  This will help prevent accidental or intentional corruption of
> the database with export.  This may introduce a compatibility issue with export but because
> export is usually an attended utility and not typically invoked as part of an application,
> I think the risk is worth the additional security this will provide.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
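
The behaviour requested in DERBY-2925, refusing to write when the target file already exists, sketched as an added example; this is not Derby's code or the fix that was committed. It assumes java.nio.file (Java 7+), and the class name, the helper exportTo and the sample row are hypothetical.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;

public class NoOverwriteExport {

    // Hypothetical helper: write exported rows to 'target' only if nothing exists there.
    // CREATE_NEW performs the existence check and the create as one atomic step,
    // so there is no window between "check" and "open" as there would be with
    // File.exists() followed by a separate open.
    static void exportTo(Path target, String rows) throws IOException {
        try (OutputStream out = Files.newOutputStream(
                target, StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE)) {
            out.write(rows.getBytes(StandardCharsets.UTF_8));
        }
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("export-demo");
        Path target = dir.resolve("emp.dat");
        // Constructed sample row, not Derby's actual export output.
        String row = "99,smith,190.55\n";

        // First export: the file does not exist yet, so it is created.
        exportTo(target, row);
        System.out.println("first export wrote " + Files.size(target) + " bytes");

        // Second export to the same path: must be refused, not silently overwritten.
        try {
            exportTo(target, "replacement data\n");
            throw new AssertionError("second export should have been refused");
        } catch (FileAlreadyExistsException e) {
            System.out.println("second export refused, file exists: " + e.getFile());
        }

        // The original content is untouched.
        String onDisk = new String(Files.readAllBytes(target), StandardCharsets.UTF_8);
        if (!onDisk.equals(row)) {
            throw new AssertionError("existing file was modified");
        }
        Files.delete(target);
        Files.delete(dir);
    }
}
```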

