db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5792) Make it possible to turn off encryption on an already encrypted database.
Date Tue, 18 Sep 2012 18:58:07 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13458055#comment-13458055
] 

Dag H. Wanvik commented on DERBY-5792:
--------------------------------------

The model for attributes are unclear, but they fall into two main categories [1]

   - operation (e.g. create, shutdown, restoreFrom)
   - arguments for an operation (e.g. password)

There is precendence for no-op operations being ignored (dataEncryption=false always, dataEncryption=true
on 2..n connect) and for raising SQLWarning (create=true on 2..n connect); the latter only
in the embedded driver (DERBY-5907).

Sometimes meaningless combinations of operations/arguments give errors, others are ignored..

I guess we can't resolve this state of things easily now, but it would be good to understand
which way we should head with this....
In any case, I think of decrypting as an operation separate from encryption, so I'd prefer
it to have its own attribute.
It may be ignored on attempts 2..n, I guess. "decryptDatabase=true" seems fine to me.

[1]
Operations

create=true attribute
createFrom=path attribute
dataEncryption=true attribute
failover=true attribute
restoreFrom=path attribute
shutdown=true attribute
rollForwardRecoveryFrom=path attribute
startMaster=true attribute
startSlave=true attribute
stopMaster=true attribute
stopSlave=true attribute
upgrade=true attribute
drop=true attribute


Arguments

bootPassword=key attribute
collation=collation attribute
databaseName=nameofDatabase attribute
deregister=false attribute
encryptionKey=key attribute
encryptionProvider=providerName attribute
encryptionAlgorithm=algorithm attribute
logDevice=logDirectoryPath attribute
newEncryptionKey=key attribute
newBootPassword=newPassword attribute
password=userPassword attribute
retrieveMessageText=false attribute
securityMechanism=value attribute
slaveHost=hostname attribute
slavePort=portValue attribute
ssl=sslMode attribute
territory=ll_CC attribute
traceDirectory=path attribute
traceFile=path attribute
traceFileAppend=true attribute
traceLevel=value attribute
user=userName attribute
                
> Make it possible to turn off encryption on an already encrypted database.
> -------------------------------------------------------------------------
>
>                 Key: DERBY-5792
>                 URL: https://issues.apache.org/jira/browse/DERBY-5792
>             Project: Derby
>          Issue Type: Improvement
>          Components: JDBC, Store
>    Affects Versions: 10.10.0.0
>            Reporter: Rick Hillegas
>            Assignee: Kristian Waagan
>         Attachments: derby-5792-1a-boilerplate_and_preparation.diff
>
>
> Currently, you can encrypt an unencrypted database and you can change the encryption
key on an already encrypted database. However, Derby does not expose a way to turn off (unencrypt)
an already encrypted database.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message