[ 
https://issues.apache.org/jira/browse/DERBY-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16049897#comment-16049897
 ] 

Rick Hillegas commented on DERBY-2925:
--------------------------------------

This issue was tracked by CVE-2010-2232 along with the documentation 
improvement at https://issues.apache.org/jira/browse/DERBY-4708. The fixes 
appeared in Derby version10.6.2.1 (see 
http://db.apache.org/derby/releases/release-10.6.2.1.html), which was released 
on 2010-10-05.

> Prevent export from overwriting existing files
> ----------------------------------------------
>
>                 Key: DERBY-2925
>                 URL: https://issues.apache.org/jira/browse/DERBY-2925
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Tools
>    Affects Versions: 10.1.2.1, 10.2.2.0, 10.3.1.4, 10.4.1.3
>            Reporter: Kathey Marsden
>            Assignee: Ramin Moazeni
>             Fix For: 10.3.1.4, 10.4.1.3, 10.6.2.1, 10.7.1.1
>
>         Attachments: derby-2925-07-aa-fileUrl.diff, DERBY-2925v0.diff, 
> DERBY-2925v0.stat, DERBY-2925v1.diff, DERBY-2925v1.stat, DERBY-2925v2.diff, 
> DERBY-2925v2.stat, DERBY-2925v3.diff, DERBY-2925v3.stat, DERBY-2925v4.diff, 
> DERBY-2925v4.stat, DERBY-2925v5.diff, DERBY-2925v5.stat, DERBY-2925v6.diff, 
> DERBY-2925v6.stat, releaseNote.html, releaseNotev0.html
>
>
> Export should not overwrite existing files, but rather insist that the user 
> remove them before writing to the file.  This will help prevent accidental or 
> intentional corruption of the database with export.  This may introduce a 
> compatibility issue with export but because export is usually an attended 
> utility and not typically invoked as part of an application, I think the risk 
> is worth the additional security this will provide.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to