Derby
  1. Derby
  2. DERBY-4493

encryptionAlgorithm is ignored at boot, but Documentation states it is required

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 10.5.3.0
    • Fix Version/s: 10.10.1.1
    • Component/s: Documentation
    • Environment:
      Windows XP SP3 / JRE 1.5 / Derby 10.5.3.0 embedded.
    • Urgency:
      Normal
    • Bug behavior facts:
      Security

      Description

      The documentation @ http://db.apache.org/derby/docs/10.5/devguide/tdevdvlp40140.html
      states that

      "If the algorithm that was used when the database was created is not the default algorithm, you must also specify the encryptionAlgorithm attribute"

      yet when I gave the wrong value of "DES/CBC/NoPadding", having created the database with "DESede", it booted without a problem. I was concerned that it might not have actually encrypted with the correct algorithm, given this Java bug:
      http://forums.sun.com/thread.jspa?threadID=5129170&start=15
      I was concerned that it might not use strong (>128 bit) encryption. Other people may be similarly concerned about what the documentation seems to say, given the behavior of the code. I think that statement in quotes should be removed entirely, and one stating something to the effect of

      "Just supply the bootPassword or encryptionKey attributes to boot the database."

      Should replace it.

        Issue Links

          Activity

          Hide
          Bryan Pendleton added a comment -

          Sent a mail to the derby-dev list to try to get clarification on some of the confusing behaviors in this area.

          Show
          Bryan Pendleton added a comment - Sent a mail to the derby-dev list to try to get clarification on some of the confusing behaviors in this area.
          Hide
          Bryan Pendleton added a comment -
          Show
          Bryan Pendleton added a comment - Here's a link to the mail: http://article.gmane.org/gmane.comp.apache.db.derby.devel/74594
          Hide
          Sven Pedersen added a comment -

          Thanks, Bryan. It looks like you have explained and documented the
          issue very well.
          --Sven


          ``All that is gold does not glitter,
          not all those who wander are lost;
          the old that is strong does not wither,
          deep roots are not reached by the frost.
          From the ashes a fire shall be woken,
          a light from the shadows shall spring;
          renewed shall be blade that was broken,
          the crownless again shall be king.”

          Show
          Sven Pedersen added a comment - Thanks, Bryan. It looks like you have explained and documented the issue very well. --Sven – ``All that is gold does not glitter, not all those who wander are lost; the old that is strong does not wither, deep roots are not reached by the frost. From the ashes a fire shall be woken, a light from the shadows shall spring; renewed shall be blade that was broken, the crownless again shall be king.”
          Hide
          Mamta A. Satoor added a comment -

          There has been no activity on this jira for a very long time. I think Bryan suggested some doc changes in the link he provided above.

          Show
          Mamta A. Satoor added a comment - There has been no activity on this jira for a very long time. I think Bryan suggested some doc changes in the link he provided above.
          Hide
          Bryan Pendleton added a comment -

          Wow I forgot about this one! I'm not actively working on it, so marked as unassigned. From the comments in the issue, the proposed documentation text was acceptable to the community.

          Show
          Bryan Pendleton added a comment - Wow I forgot about this one! I'm not actively working on it, so marked as unassigned. From the comments in the issue, the proposed documentation text was acceptable to the community.
          Hide
          Kim Haase added a comment -

          We did a major overhaul of the database-encryption documentation for 10.10 (see DERBY-1721), and this topic actually went away – we put all the info in one section instead of scattering it. I think it is safe to mark this issue as resolved.

          Show
          Kim Haase added a comment - We did a major overhaul of the database-encryption documentation for 10.10 (see DERBY-1721 ), and this topic actually went away – we put all the info in one section instead of scattering it. I think it is safe to mark this issue as resolved.
          Hide
          Kim Haase added a comment -

          Fixed by other work (DERBY-1721), so closing.

          Show
          Kim Haase added a comment - Fixed by other work ( DERBY-1721 ), so closing.

            People

            • Assignee:
              Unassigned
              Reporter:
              Sven Pedersen
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development