[
https://issues.apache.org/jira/browse/DERBY-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16239681#comment-16239681
]
Bryan Pendleton commented on DERBY-2925:
----------------------------------------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2232
> Prevent export from overwriting existing files
> ----------------------------------------------
>
> Key: DERBY-2925
> URL: https://issues.apache.org/jira/browse/DERBY-2925
> Project: Derby
> Issue Type: Sub-task
> Components: Tools
> Affects Versions: 10.1.2.1, 10.2.2.0, 10.3.1.4, 10.4.1.3
> Reporter: Kathey Marsden
> Assignee: Ramin Moazeni
> Fix For: 10.3.1.4, 10.4.1.3, 10.6.2.1, 10.7.1.1
>
> Attachments: DERBY-2925v0.diff, DERBY-2925v0.stat, DERBY-2925v1.diff,
> DERBY-2925v1.stat, DERBY-2925v2.diff, DERBY-2925v2.stat, DERBY-2925v3.diff,
> DERBY-2925v3.stat, DERBY-2925v4.diff, DERBY-2925v4.stat, DERBY-2925v5.diff,
> DERBY-2925v5.stat, DERBY-2925v6.diff, DERBY-2925v6.stat,
> derby-2925-07-aa-fileUrl.diff, releaseNote.html, releaseNotev0.html
>
>
> Export should not overwrite existing files, but rather insist that the user
> remove them before writing to the file. This will help prevent accidental or
> intentional corruption of the database with export. This may introduce a
> compatibility issue with export but because export is usually an attended
> utility and not typically invoked as part of an application, I think the risk
> is worth the additional security this will provide.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
