[ https://issues.apache.org/jira/browse/DERBY-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16239681#comment-16239681 ]

Bryan Pendleton commented on DERBY-2925:
----------------------------------------

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2232

> Prevent export from overwriting existing files
> ----------------------------------------------
>
> Key: DERBY-2925
> URL: https://issues.apache.org/jira/browse/DERBY-2925
> Project: Derby
> Issue Type: Sub-task
> Components: Tools
> Affects Versions: 10.1.2.1, 10.2.2.0, 10.3.1.4, 10.4.1.3
> Reporter: Kathey Marsden
> Assignee: Ramin Moazeni
> Fix For: 10.3.1.4, 10.4.1.3, 10.6.2.1, 10.7.1.1
>
> Attachments: DERBY-2925v0.diff, DERBY-2925v0.stat, DERBY-2925v1.diff,
> DERBY-2925v1.stat, DERBY-2925v2.diff, DERBY-2925v2.stat, DERBY-2925v3.diff,
> DERBY-2925v3.stat, DERBY-2925v4.diff, DERBY-2925v4.stat, DERBY-2925v5.diff,
> DERBY-2925v5.stat, DERBY-2925v6.diff, DERBY-2925v6.stat,
> derby-2925-07-aa-fileUrl.diff, releaseNote.html, releaseNotev0.html
>
>
> Export should not overwrite existing files, but rather insist that the user
> remove them before writing to the file. This will help prevent accidental or
> intentional corruption of the database with export. This may introduce a
> compatibility issue with export but because export is usually an attended
> utility and not typically invoked as part of an application, I think the risk
> is worth the additional security this will provide.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)