Derby
  1. Derby
  2. DERBY-4493

encryptionAlgorithm is ignored at boot, but Documentation states it is required

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 10.5.3.0
    • Fix Version/s: 10.10.1.1
    • Component/s: Documentation
    • Environment:
      Windows XP SP3 / JRE 1.5 / Derby 10.5.3.0 embedded.
    • Urgency:
      Normal
    • Bug behavior facts:
      Security

      Description

      The documentation @ http://db.apache.org/derby/docs/10.5/devguide/tdevdvlp40140.html
      states that

      "If the algorithm that was used when the database was created is not the default algorithm, you must also specify the encryptionAlgorithm attribute"

      yet when I gave the wrong value of "DES/CBC/NoPadding", having created the database with "DESede", it booted without a problem. I was concerned that it might not have actually encrypted with the correct algorithm, given this Java bug:
      http://forums.sun.com/thread.jspa?threadID=5129170&start=15
      I was concerned that it might not use strong (>128 bit) encryption. Other people may be similarly concerned about what the documentation seems to say, given the behavior of the code. I think that statement in quotes should be removed entirely, and one stating something to the effect of

      "Just supply the bootPassword or encryptionKey attributes to boot the database."

      Should replace it.

        Issue Links

          Activity

          No work has yet been logged on this issue.

            People

            • Assignee:
              Unassigned
              Reporter:
              Sven Pedersen
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development