Thanks for taking time to review the spec Dan. I will update the spec
with your suggestions. My comments are in-line.
Daniel John Debrunner (JIRA) wrote:
[ http://issues.apache.org/jira/browse/DERBY-1156?page=comments#action_12377425 ]
Daniel John Debrunner commented on DERBY-1156:
----------------------------------------------
Comments on the functional part of the spec:
Encrypting an existing un-encrypted database:
- I assume the other encryption properties can be set at this time, such as
encrpytionAlgorithm - would be good to state that.
yes. All the encryption properties that are allowed now during create
should work in this case also.
- jdbc:derby:salesdb;dataEncryption=true;bootPassword=1234xyz - Does this example work?
I thought the boot password had
to be at least eight characters?
you are right, password should be atleast 8 characters.
Encrypting with a new password or a new encryption key:
- Just want to ensure the terminology is clear here,
"Database will be encrypted with new password/key if it is booted with
following new URL attributes:"
The database is always encrypted with a new encryption key, and if
newBootPassword is used then that key
is protected with a new boot password.
"... all the data in the database will be encrypted using this password ..."
.. all the data in the database will be encrypted with a newly generated
key ...
In this mode can the encryption algorithm be changed?
It can be supported. I was planning to look at this case after I get
the rest of the work done, if I get time. Do you think this is
something that will be useful to the users ?
Thanks
-suresh
