[ https://issues.apache.org/jira/browse/DERBY-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16049897#comment-16049897 ]

Rick Hillegas commented on DERBY-2925:
--------------------------------------

This issue was tracked by CVE-2010-2232 along with the documentation improvement at https://issues.apache.org/jira/browse/DERBY-4708. The fixes appeared in Derby version 10.6.2.1 (see http://db.apache.org/derby/releases/release-10.6.2.1.html), which was released on 2010-10-05.

> Prevent export from overwriting existing files
> ----------------------------------------------
>
> Key: DERBY-2925
> URL: https://issues.apache.org/jira/browse/DERBY-2925
> Project: Derby
> Issue Type: Sub-task
> Components: Tools
> Affects Versions: 10.1.2.1, 10.2.2.0, 10.3.1.4, 10.4.1.3
> Reporter: Kathey Marsden
> Assignee: Ramin Moazeni
> Fix For: 10.3.1.4, 10.4.1.3, 10.6.2.1, 10.7.1.1
>
> Attachments: derby-2925-07-aa-fileUrl.diff, DERBY-2925v0.diff,
> DERBY-2925v0.stat, DERBY-2925v1.diff, DERBY-2925v1.stat, DERBY-2925v2.diff,
> DERBY-2925v2.stat, DERBY-2925v3.diff, DERBY-2925v3.stat, DERBY-2925v4.diff,
> DERBY-2925v4.stat, DERBY-2925v5.diff, DERBY-2925v5.stat, DERBY-2925v6.diff,
> DERBY-2925v6.stat, releaseNote.html, releaseNotev0.html
>
>
> Export should not overwrite existing files, but rather insist that the user
> remove them before writing to the file. This will help prevent accidental or
> intentional corruption of the database with export. This may introduce a
> compatibility issue with export but because export is usually an attended
> utility and not typically invoked as part of an application, I think the risk
> is worth the additional security this will provide.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)