db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DERBY-5969) Re-encryption and un-encryption silently fail if the database is already booted.
Date Thu, 01 Nov 2012 14:29:17 GMT

     [ https://issues.apache.org/jira/browse/DERBY-5969?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Rick Hillegas updated DERBY-5969:
---------------------------------

    Attachment: derby-5969-01-aa-warnEncryptionOnBootedDB.diff

Attaching derby-5969-01-aa-warnEncryptionOnBootedDB.diff. This patch raises a SQLWarning if
you attempt to change the encryption on an already booted database. The warning tells you
that the encryption state was not changed and that you need to shutdown the database before
attempting the operation. Tests passed cleanly for me.

A warning is now raised if you set one of the following attributes while connecting to an
already booted database:

  dataEncryption
  newBootPassword
  newEncryptionKey
  decryptDatabase


My original plan was to raise an exception in these situations. The Reference Manual is quite
clear that dataEncryption=true is supposed to be used to change the encryption state of a
database. However, I decided that some applications may set dataEncryption=true every time
that they connect to an encrypted database--in previous releases that attribute has been treated
as a NOP if the database is already booted. So I downgraded the exception to a warning. I
suppose that we could still raise an exception for the other attributes (I don't imagine anyone
sets those attributes unless they really mean to change the encryption state of the database).
But it seemed cleaner to me to have one SQLState for this condition and to treat all of the
cases the same way.

After committing this patch, we will want to modify the user guides to clarify the following
point:

o If you are changing the encryption state of the database, be sure to check for SQLWarnings
after the change. The change succeeded only if there were no SQLWarnings or SQLExceptions.

We should probably add a release note too just in case applications are checking for SQLWarnings
after connecting to an already booted database with dataEncryption=true.

Touches the following files:

------------------

M       java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
M       java/engine/org/apache/derby/loc/messages.xml
M       java/shared/org/apache/derby/shared/common/reference/SQLState.java

Raise new warning.

------------------

M       java/testing/org/apache/derbyTesting/functionTests/tests/store/DecryptDatabaseTest.java
M       java/testing/org/apache/derbyTesting/junit/BaseJDBCTestCase.java

New tests to verify that the warning is raised.

------------------

M       java/testing/org/apache/derbyTesting/functionTests/master/URLCheck.out

Adjust a test canon.

                
> Re-encryption and un-encryption silently fail if the database is already booted.
> --------------------------------------------------------------------------------
>
>                 Key: DERBY-5969
>                 URL: https://issues.apache.org/jira/browse/DERBY-5969
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.10.0.0
>            Reporter: Rick Hillegas
>         Attachments: derby-5969-01-aa-warnEncryptionOnBootedDB.diff
>
>
> If the database is already booted, then the DBO's attempt to re-encrypt or un-encrypt
the database will silently fail. It will appear to the DBO that the re(un)encryption succeeded
but in fact the database will not be changed. Derby should raise an error if the database
is already booted when the DBO attempts re(un)encryption.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message