Derby
  1. Derby
  2. DERBY-2409

Connecting to an already booted database with (re)encryption attributes gives no error or warning

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Duplicate
    • Affects Version/s: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
    • Fix Version/s: None
    • Component/s: Store
    • Urgency:
      Normal
    • Issue & fix info:
      Repro attached

      Description

      If a database is shutdown and booted with (re)encryption,
      the (re)encryption boot will silently fail (i.e. no (re)encryption takes place), if another
      connection has booted the database in the meantime.

      Presumably, if the database was encrypted at creation time, only the dba will
      have the bootpassword and the above scenario is less likely.

      If it was created unencrypted, is is more of a hole, IMHO: Any other connection
      can then foil the encryption boot, even one which can not be authenticated,
      cf DERBY-2407. To further exacerbate this issue; when the database is shutdown
      and rebooted, using the boot password supplied (and the database was not encrypted),
      no error is given, since a boot password is not required. This can lull a dba
      into thinking the encryption took place!

      We may want to generate a warning or an error in these cases.

      This issue may affect upgrade boots as well?

      1. ij-repro.log
        0.8 kB
        Dag H. Wanvik

        Issue Links

          Activity

          Dag H. Wanvik created issue -
          Hide
          Dag H. Wanvik added a comment -

          The last tidbit may merit its own issue: A superfluous bootPassword
          (in a plain boot of an existing, already encrypted database) is also ignored.
          Data point: In contrast, a superfluous 'create=true' will give a warning.

          Show
          Dag H. Wanvik added a comment - The last tidbit may merit its own issue: A superfluous bootPassword (in a plain boot of an existing, already encrypted database) is also ignored. Data point: In contrast, a superfluous 'create=true' will give a warning.
          Dag H. Wanvik made changes -
          Field Original Value New Value
          Affects Version/s 10.0.2.2 [ 10992 ]
          Affects Version/s 10.1.3.2 [ 12311972 ]
          Affects Version/s 10.3.0.0 [ 12310800 ]
          Affects Version/s 10.1.4.0 [ 12311950 ]
          Affects Version/s 10.2.3.0 [ 12312215 ]
          Affects Version/s 10.2.2.1 [ 12312251 ]
          Hide
          Dag H. Wanvik added a comment -

          A small ij repro attached.

          Show
          Dag H. Wanvik added a comment - A small ij repro attached.
          Dag H. Wanvik made changes -
          Attachment ij-repro.log [ 12352782 ]
          Mike Matrigali made changes -
          Component/s Store [ 11412 ]
          Dag H. Wanvik made changes -
          Link This issue relates to DERBY-4254 [ DERBY-4254 ]
          Hide
          Rick Hillegas added a comment -

          Triaged for 10.5.2: assigned normal urgency and noted that a repro is available.

          Show
          Rick Hillegas added a comment - Triaged for 10.5.2: assigned normal urgency and noted that a repro is available.
          Rick Hillegas made changes -
          Urgency Normal
          Issue & fix info [Repro attached]
          Kathey Marsden made changes -
          Labels derby_triage10_5_2
          Hide
          Mike Matrigali added a comment -

          derby 10.9 triage.

          Show
          Mike Matrigali added a comment - derby 10.9 triage.
          Mike Matrigali made changes -
          Labels derby_triage10_5_2 derby_triage10_5_2 derby_triage10_9
          Rick Hillegas made changes -
          Link This issue is related to DERBY-5969 [ DERBY-5969 ]
          Knut Anders Hatlen made changes -
          Link This issue is part of DERBY-5970 [ DERBY-5970 ]
          Knut Anders Hatlen made changes -
          Link This issue is part of DERBY-5970 [ DERBY-5970 ]
          Hide
          Knut Anders Hatlen added a comment -

          This is fixed on trunk as DERBY-5969. Resolving this issue as a duplicate.

          Show
          Knut Anders Hatlen added a comment - This is fixed on trunk as DERBY-5969 . Resolving this issue as a duplicate.
          Knut Anders Hatlen made changes -
          Link This issue duplicates DERBY-5969 [ DERBY-5969 ]
          Knut Anders Hatlen made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Duplicate [ 3 ]
          Gavin made changes -
          Workflow jira [ 12398914 ] Default workflow, editable Closed status [ 12802097 ]
          Hide
          Knut Anders Hatlen added a comment -

          [bulk update] Close all resolved issues that haven't been updated for more than one year.

          Show
          Knut Anders Hatlen added a comment - [bulk update] Close all resolved issues that haven't been updated for more than one year.
          Knut Anders Hatlen made changes -
          Status Resolved [ 5 ] Closed [ 6 ]

            People

            • Assignee:
              Unassigned
              Reporter:
              Dag H. Wanvik
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development