[
https://issues.apache.org/jira/browse/DERBY-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12514667
]
Bryan Pendleton commented on DERBY-2925:
----------------------------------------
Hi Ramin, thanks for the v2 patch, it looks very good.
I noticed that part of the patch involves code that will delete the
partially-written output file(s) if the EXPORT operation fails. Is that a new
behavior of EXPORT? It doesn't seem exactly related to the main issue of
DERBY-2925.
Do you think that the patch would still be valid without the deleteFile
portion? Or is that a necessary component of the patch?
thanks,
bryan
> Prevent export from overwriting existing files
> ----------------------------------------------
>
> Key: DERBY-2925
> URL: https://issues.apache.org/jira/browse/DERBY-2925
> Project: Derby
> Issue Type: Sub-task
> Components: Security, Tools
> Affects Versions: 10.1.2.1, 10.2.2.0, 10.3.1.3, 10.4.0.0
> Reporter: Kathey Marsden
> Assignee: Ramin Moazeni
> Attachments: DERBY-2925v0.diff, DERBY-2925v0.stat, DERBY-2925v1.diff,
> DERBY-2925v1.stat, DERBY-2925v2.diff, DERBY-2925v2.stat
>
>
> Export should not overwrite existing files, but rather insist that the user
> remove them before writing to the file. This will help prevent accidental or
> intentional corruption of the database with export. This may introduce a
> compatibility issue with export but because export is usually an attended
> utility and not typically invoked as part of an application, I think the risk
> is worth the additional security this will provide.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
