db-derby-dev mailing list archives

From "Bryan Pendleton (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-2925) Prevent export from overwriting existing files
Date Sun, 05 Nov 2017 18:52:01 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16239681#comment-16239681 ]

Bryan Pendleton commented on DERBY-2925:
----------------------------------------

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2232

> Prevent export from overwriting existing files
> ----------------------------------------------
>
>                 Key: DERBY-2925
>                 URL: https://issues.apache.org/jira/browse/DERBY-2925
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Tools
>    Affects Versions: 10.1.2.1, 10.2.2.0, 10.3.1.4, 10.4.1.3
>            Reporter: Kathey Marsden
>            Assignee: Ramin Moazeni
>             Fix For: 10.3.1.4, 10.4.1.3, 10.6.2.1, 10.7.1.1
>
>         Attachments: DERBY-2925v0.diff, DERBY-2925v0.stat, DERBY-2925v1.diff, DERBY-2925v1.stat,
> DERBY-2925v2.diff, DERBY-2925v2.stat, DERBY-2925v3.diff, DERBY-2925v3.stat, DERBY-2925v4.diff,
> DERBY-2925v4.stat, DERBY-2925v5.diff, DERBY-2925v5.stat, DERBY-2925v6.diff, DERBY-2925v6.stat,
> derby-2925-07-aa-fileUrl.diff, releaseNote.html, releaseNotev0.html
>
>
> Export should not overwrite existing files, but rather insist that the user remove them
> before writing to the file.  This will help prevent accidental or intentional corruption of
> the database with export.  This may introduce a compatibility issue with export but because
> export is usually an attended utility and not typically invoked as part of an application,
> I think the risk is worth the additional security this will provide.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
