Return-Path: X-Original-To: apmail-db-derby-dev-archive@www.apache.org Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 36F4EEFB5 for ; Mon, 26 Nov 2012 13:10:59 +0000 (UTC) Received: (qmail 18996 invoked by uid 500); 26 Nov 2012 13:10:59 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 18805 invoked by uid 500); 26 Nov 2012 13:10:58 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 18790 invoked by uid 99); 26 Nov 2012 13:10:58 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 26 Nov 2012 13:10:58 +0000 Date: Mon, 26 Nov 2012 13:10:58 +0000 (UTC) From: "Rick Hillegas (JIRA)" To: derby-dev@db.apache.org Message-ID: <970024055.22719.1353935458321.JavaMail.jiratomcat@arcas> In-Reply-To: <499139948.40460.1351540092229.JavaMail.jiratomcat@arcas> Subject: [jira] [Updated] (DERBY-5970) Check that connection attributes have legal values. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/DERBY-5970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rick Hillegas updated DERBY-5970: --------------------------------- Attachment: AttributeChecks.html Thanks for that additional feedback, Knut. Attaching a fourth rev of the spec, which incorporates that suggestion. > Check that connection attributes have legal values. > --------------------------------------------------- > > Key: DERBY-5970 > URL: https://issues.apache.org/jira/browse/DERBY-5970 > Project: Derby > Issue Type: Bug > Components: Services > Affects Versions: 10.10.0.0 > Reporter: Rick Hillegas > Attachments: AttributeChecks.html, AttributeChecks.html, AttributeChecks.html, AttributeChecks.html, derby-5970-01-aa-vetDecryptDatabaseValue.diff, derby-5970-01-ab-vetDecryptDatabaseValue.diff, derby-5970-02-aa-vetDataEncryptionValue.diff > > > At boot time, Derby does not check whether connection attributes are set to legal values. This can cause them to be silently ignored. In the case of security operations like re(un)encryption, these silent failures deceive the DBO into thinking that the security behavior of the database has changed when, in fact, it hasn't. We should do the following: > 1) Prevent decryptDatabase from being set to an illegal value. Since this is a new attribute, there are no backward compatibility issues. > 2) Evaluate other attributes on a case-by-case basis to determine which ones should raise exceptions if they are set to illegal values. Technically, this may result in backwardly incompatible behavior. However, I think that for most attributes, we will decide that the incompatibility is minor and is a welcome bugfix. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira