Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 4518 invoked from network); 13 Jul 2007 18:48:30 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 13 Jul 2007 18:48:30 -0000 Received: (qmail 30557 invoked by uid 500); 13 Jul 2007 18:48:29 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 30491 invoked by uid 500); 13 Jul 2007 18:48:29 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 30402 invoked by uid 99); 13 Jul 2007 18:48:28 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Jul 2007 11:48:28 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Jul 2007 11:48:25 -0700 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 2C2FA714212 for ; Fri, 13 Jul 2007 11:48:05 -0700 (PDT) Message-ID: <15132240.1184352485176.JavaMail.jira@brutus> Date: Fri, 13 Jul 2007 11:48:05 -0700 (PDT) From: "Ramin Moazeni (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Updated: (DERBY-2925) Prevent export from overwriting existing files In-Reply-To: <9019766.1184203084453.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/DERBY-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramin Moazeni updated DERBY-2925: --------------------------------- Attachment: DERBY-2925v0.stat DERBY-2925v0.diff Hello, I am attaching an interim patch for this issue. I am still working on adding the tests to ImportExportBaseTest. Your review and feedback is greatly appreciated. To test the patch: 1) ij> connect 'jdbc:derby:test1;create=true'; 2) create table ex_emp(id int , name char(7) , skills varchar(200), salary decimal(10,2)); 3) ij> call SYSCS_UTIL.SYSCS_EXPORT_TABLE (null, 'EX_EMP' , '/home/ramin/emp.dat', null, null, null); 4) ij> call SYSCS_UTIL.SYSCS_EXPORT_TABLE (null, 'EX_EMP' , '/home/ramin/emp.dat', null, null, null); ERROR XSDF0: Could not create file /home/ramin/emp.dat as it already exists. 5) ij> CALL SYSCS_UTIL.SYSCS_EXPORT_QUERY_LOBS_TO_EXTFILE('SELECT * FROM EX_EMP','emp.del', ',' ,'"','UTF-8','pictures.dat'); 0 rows inserted/updated/deleted 6) ij> CALL SYSCS_UTIL.SYSCS_EXPORT_QUERY_LOBS_TO_EXTFILE('SELECT * FROM EX_EMP','emp.del', ',' ,'"','UTF-8','pictures.dat'); ERROR XSDF0: Could not create file staff.del as it already exists. 7) ij> CALL SYSCS_UTIL.SYSCS_EXPORT_QUERY_LOBS_TO_EXTFILE('SELECT * FROM EX_EMP','staff.del', ',' ,'"','UTF-8','pictures.dat'); ERROR XSDF0: Could not create file pictures.dat as it already exists. Thanks Ramin > Prevent export from overwriting existing files > ---------------------------------------------- > > Key: DERBY-2925 > URL: https://issues.apache.org/jira/browse/DERBY-2925 > Project: Derby > Issue Type: Sub-task > Components: Security, Tools > Affects Versions: 10.1.2.1, 10.2.2.0, 10.3.1.3, 10.4.0.0 > Reporter: Kathey Marsden > Assignee: Ramin Moazeni > Attachments: DERBY-2925v0.diff, DERBY-2925v0.stat > > > Export should not overwrite existing files, but rather insist that the user remove them before writing to the file. This will help prevent accidental or intentional corruption of the database with export. This may introduce a compatibility issue with export but because export is usually an attended utility and not typically invoked as part of an application, I think the risk is worth the additional security this will provide. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.