db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5792) Make it possible to turn off encryption on an already encrypted database.
Date Tue, 18 Sep 2012 18:58:07 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13458055#comment-13458055

Dag H. Wanvik commented on DERBY-5792:

The model for attributes are unclear, but they fall into two main categories [1]

   - operation (e.g. create, shutdown, restoreFrom)
   - arguments for an operation (e.g. password)

There is precendence for no-op operations being ignored (dataEncryption=false always, dataEncryption=true
on 2..n connect) and for raising SQLWarning (create=true on 2..n connect); the latter only
in the embedded driver (DERBY-5907).

Sometimes meaningless combinations of operations/arguments give errors, others are ignored..

I guess we can't resolve this state of things easily now, but it would be good to understand
which way we should head with this....
In any case, I think of decrypting as an operation separate from encryption, so I'd prefer
it to have its own attribute.
It may be ignored on attempts 2..n, I guess. "decryptDatabase=true" seems fine to me.


create=true attribute
createFrom=path attribute
dataEncryption=true attribute
failover=true attribute
restoreFrom=path attribute
shutdown=true attribute
rollForwardRecoveryFrom=path attribute
startMaster=true attribute
startSlave=true attribute
stopMaster=true attribute
stopSlave=true attribute
upgrade=true attribute
drop=true attribute


bootPassword=key attribute
collation=collation attribute
databaseName=nameofDatabase attribute
deregister=false attribute
encryptionKey=key attribute
encryptionProvider=providerName attribute
encryptionAlgorithm=algorithm attribute
logDevice=logDirectoryPath attribute
newEncryptionKey=key attribute
newBootPassword=newPassword attribute
password=userPassword attribute
retrieveMessageText=false attribute
securityMechanism=value attribute
slaveHost=hostname attribute
slavePort=portValue attribute
ssl=sslMode attribute
territory=ll_CC attribute
traceDirectory=path attribute
traceFile=path attribute
traceFileAppend=true attribute
traceLevel=value attribute
user=userName attribute
> Make it possible to turn off encryption on an already encrypted database.
> -------------------------------------------------------------------------
>                 Key: DERBY-5792
>                 URL: https://issues.apache.org/jira/browse/DERBY-5792
>             Project: Derby
>          Issue Type: Improvement
>          Components: JDBC, Store
>    Affects Versions:
>            Reporter: Rick Hillegas
>            Assignee: Kristian Waagan
>         Attachments: derby-5792-1a-boilerplate_and_preparation.diff
> Currently, you can encrypt an unencrypted database and you can change the encryption
key on an already encrypted database. However, Derby does not expose a way to turn off (unencrypt)
an already encrypted database.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message