db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5792) Make it possible to turn off encryption on an already encrypted database.
Date Mon, 29 Oct 2012 20:02:13 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13486299#comment-13486299
] 

Rick Hillegas commented on DERBY-5792:
--------------------------------------

I have buddy-tested this feature against the user documentation. As far as I can tell, the
feature behaves as described by the user documentation (see the script below). In addition,
I was not able to discover any new defects which are not also shared with re-encryption. However,
I believe that un-encryption and re-encryption share some defects which we should address.
I have logged the following bugs:

DERBY-5968 - A failed connection attempt may nevertheless manage to boot the database.

DERBY-5969 - Re-encryption and un-encryption silently fail if the database is already booted.

DERBY-5970 - Check that connection attributes have legal values.


connect 'jdbc:derby:db;create=true;user=test_dbo;dataEncryption=true;bootPassword=foobarwibblewombat';

call syscs_util.syscs_create_user( 'test_dbo', 'test_dbopassword' );
call syscs_util.syscs_create_user( 'fred', 'fredpassword' );

call syscs_util.syscs_backup_database_and_enable_log_archive_mode( 'backups', 0 );

-- shutdown the database
connect 'jdbc:derby:db;shutdown=true';

-- need the bootpassword to boot the database
connect 'jdbc:derby:db;user=fred;password=fredpassword';
select count(*) from sys.systables;
connect 'jdbc:derby:db;user=fred;password=fredpassword;bootPassword=foobarwibblewombat';
select count(*) from sys.systables;

-- only the dbo can shutdown the database
connect 'jdbc:derby:db;shutdown=true;user=fred;password=fredpassword';
connect 'jdbc:derby:db;shutdown=true;user=test_dbo;password=test_dbopassword';

-- only the dbo can unencrypt the database
connect 'jdbc:derby:db;user=fred;password=fredpassword;bootPassword=foobarwibblewombat;decryptDatabase=true';
select count(*) from sys.systables;

-- although the connection failed, the database is now booted so we need to shut it down.
see DERBY-5968 and DERBY-5969.
connect 'jdbc:derby:db;shutdown=true;user=test_dbo;password=test_dbopassword';

-- should fail because log archive mode is turned on
connect 'jdbc:derby:db;user=test_dbo;password=test_dbopassword;bootPassword=foobarwibblewombat;decryptDatabase=true';
select count(*) from sys.systables;

-- turn off log archival mode
connect 'jdbc:derby:db;user=test_dbo;password=test_dbopassword;bootPassword=foobarwibblewombat';
call syscs_util.syscs_disable_log_archive_mode( 0 );

-- shutdown the database
connect 'jdbc:derby:db;shutdown=true;user=test_dbo;password=test_dbopassword';

-- try a bad setting for decryptDatabase. silently ignored. see DERBY-5970.
connect 'jdbc:derby:db;user=test_dbo;password=test_dbopassword;bootPassword=foobarwibblewombat;decryptDatabase=fred';

-- shutdown the database
connect 'jdbc:derby:db;shutdown=true;user=test_dbo;password=test_dbopassword';

--  fails because the database was not decrypted
connect 'jdbc:derby:db;user=fred;password=fredpassword';
select count(*) from sys.systables;

-- now unencryption should work
connect 'jdbc:derby:db;user=test_dbo;password=test_dbopassword;bootPassword=foobarwibblewombat;decryptDatabase=true';
select count(*) from sys.systables;

-- shutdown the database
connect 'jdbc:derby:db;shutdown=true;user=test_dbo;password=test_dbopassword';

--  now anyone can boot the database without a bootpassword
connect 'jdbc:derby:db;user=fred;password=fredpassword';
select count(*) from sys.systables;

                
> Make it possible to turn off encryption on an already encrypted database.
> -------------------------------------------------------------------------
>
>                 Key: DERBY-5792
>                 URL: https://issues.apache.org/jira/browse/DERBY-5792
>             Project: Derby
>          Issue Type: Improvement
>          Components: JDBC, Store
>    Affects Versions: 10.10.0.0
>            Reporter: Rick Hillegas
>            Assignee: Kristian Waagan
>         Attachments: derby-5792-1a-boilerplate_and_preparation.diff, derby-5792-1b-boilerplate_and_preparation.diff,
derby-5792-2a-decryptdatabasetest.diff, derby-5792-3a-decryption_feature.diff, derby-5792-4a-crash_and_dbo.diff,
derby-5792-4b-crash_and_dbo.diff, derby-5792-5a-old_container_removal_cleanup.diff, derby-5792-5b-old_container_removal_cleanup.diff
>
>
> Currently, you can encrypt an unencrypted database and you can change the encryption
key on an already encrypted database. However, Derby does not expose a way to turn off (unencrypt)
an already encrypted database.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message