db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kristian Waagan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5792) Make it possible to turn off encryption on an already encrypted database.
Date Tue, 18 Sep 2012 05:26:08 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13457609#comment-13457609
] 

Kristian Waagan commented on DERBY-5792:
----------------------------------------

I decided to delete the patch, as I'm changing strategy. I will first implement the changes
required to support decryption, and then change existing comments and documentation as required.
There are many occurrences where existing text must be changed to mention both encryption
and decryption.
As for implementing the feature, I now have a working prototype. I have tests almost ready
for:
 o decryption
 o decryption on un-encrypted database
 o decryption of booted database
 o DBO requirement (following existing rules on this topic)
 o conflicting attributes (may have to change, see below)

Missing tests:
 o feature disabled on older databases
 o connecting while decrypting? (I'm hoping this is dealt with already, testing may be a bit
awkward)


I'm wondering how to best control the feature. There are two main possibilities:
 a) Add a new URL attribute (decryptDatabase=true).
 b) Reuse an existing URL attribute (dataEncryption=false?)

Option (b) is possible, but may be confusing. Using a binary value, one must also take care
to distinguish between false and unspecified.
Another possibility for (a) is "dataDecryption" to keep it similar to "dataEncryption". That
doesn't sound as good to me, since decryption in this sense is a one-time operation, but maybe
the similarity is reason good enough?

Any opinions on the choice of URL attribute?
                
> Make it possible to turn off encryption on an already encrypted database.
> -------------------------------------------------------------------------
>
>                 Key: DERBY-5792
>                 URL: https://issues.apache.org/jira/browse/DERBY-5792
>             Project: Derby
>          Issue Type: Improvement
>          Components: JDBC, Store
>    Affects Versions: 10.10.0.0
>            Reporter: Rick Hillegas
>            Assignee: Kristian Waagan
>
> Currently, you can encrypt an unencrypted database and you can change the encryption
key on an already encrypted database. However, Derby does not expose a way to turn off (unencrypt)
an already encrypted database.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message