db-derby-dev mailing list archives

From Kathey Marsden <kmarsdende...@sbcglobal.net>
Subject Re: [jira] Assigned: (DERBY-2925) Prevent export from overwriting existing files
Date Mon, 16 Jul 2007 22:16:05 GMT
Dag H. Wanvik wrote:
>>> Prevent export from overwriting existing files
>>> ----------------------------------------------
>>>                 Key: DERBY-2925
>>>                 URL: https://issues.apache.org/jira/browse/DERBY-2925
>>>             Project: Derby
>>>          Issue Type: Sub-task
>>>          Components: Security, Tools
>>>    Affects Versions:,,,
>>>            Reporter: Kathey Marsden
>>>            Assignee: Ramin Moazeni
>>> Export should not overwrite existing files, but rather insist that
>>> the user remove them before writing to the file.  This will help
>>> prevent accidental or intentional corruption of the database with
>>> export.  This may introduce a compatibility issue with export but
>>> because export is usually an attended utility and not typically
>>> invoked as part of an application, I think the risk is worth the
>>> additional security this will provide.
> I am not sure a blanket prohibition on exporting to existing files is
> the best approach. Apart from the compatibility issue I would say
> there is a usability issue as well; I know I never use "noclobber" in
> my UNIX shell settings ;) I think what we are trying to achieve here
> is to protect the database files. Couldn't a separate jar for this
> part of the code solve the issue (with a policy only allowing write to
> a dedicated export directory by default)? If a separate jar is
> considered undesirable, one could limit the export to a relative file
> path and always require that it contain an export directory as its
> first path element, say "export". Just my 0.02 cents, please forgive
> if I missed some context discussions here.
I don't think adding another jar will improve usability.  I think the 
restriction of a dedicated export directory or restrictions on directory 
names for export will also not improve usability.   I think it is 
reasonable to expect the user to delete pre-existing files before 
exporting over them.  But this is all just a straight difference of opinion.
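As an added illustration, not code from this thread or from Derby itself, the following Java sketch shows how an export routine could implement both safeguards discussed above: refusing to overwrite an existing file, and (Dag's alternative) confining the target to a relative path under a dedicated "export" directory. Class and method names are hypothetical.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;

public class ExportFileGuard {
    // Hypothetical: the directory every export target must live under.
    private static final String EXPORT_DIR = "export";

    /**
     * Enforce the "relative path whose first element is export/" rule.
     * normalize() folds "a/../b" segments, so a traversal such as
     * "export/../../derby.log" becomes "../derby.log" and fails the
     * first-element check; a lone "export" (the directory itself) is
     * rejected by the name-count check.
     */
    static Path validateExportPath(String userPath) {
        Path p = Paths.get(userPath);
        if (p.isAbsolute()) {
            throw new IllegalArgumentException("export path must be relative: " + userPath);
        }
        Path n = p.normalize();
        if (n.getNameCount() < 2 || !n.getName(0).toString().equals(EXPORT_DIR)) {
            throw new IllegalArgumentException(
                "export path must be of the form " + EXPORT_DIR + "/<file>: " + userPath);
        }
        return n;
    }

    /**
     * Open the target with CREATE_NEW so an existing file is never
     * overwritten. Doing the check inside the open (O_EXCL on POSIX)
     * avoids a check-then-write race, and O_EXCL also refuses to follow
     * a symbolic link already sitting at the target path.
     */
    static OutputStream openForExport(Path target) throws IOException {
        try {
            return Files.newOutputStream(target,
                StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE);
        } catch (FileAlreadyExistsException e) {
            throw new IOException("refusing to overwrite existing file " + target
                + "; remove it before exporting", e);
        }
    }
}
```

A caller would run `openForExport(validateExportPath(userSuppliedName))` and surface the IOException message to the user rather than silently replacing the file.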