[
https://issues.apache.org/jira/browse/DERBY-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12514355
]
Bryan Pendleton commented on DERBY-2925:
----------------------------------------
I'm comfortable with the general technique; I think it is acceptable for the
*EXPORT* family of procedures to refuse to overwrite existing files.
A couple comments on the v1 diff:
1) The "IJ" tests don't seem quite right to me: the tests refer to table
DERBY_2925_BOOK but it looks like the actual test table is called
derby_2925_lob? Some of the tests seem to be getting table-not-found errors.
2) I think we should put some effort into making the two messages as clear as
possible, both to make it as clear as possible that this is intentional
behavior (and not a bug), and to help people understand what they should do
when this happens. For example, we don't want people to waste time thinking
that there is a file permissions problem here, and trying to re-run the export
after fiddling with file permissions.
Here is a proposed suggestion for the text for the two messages:
+ <msg>
+ <name>XIE0S.S</name>
+ <text>The export operation was not performed, because the
specified output file ({0}) already exists. Export processing will not
overwrite an existing file, even if the process has permissions to write to
that file, due to security concerns, and to avoid accidental file damage.
Please either change the output file name in the export procedure arguments to
specify a file which does not exist, or delete the existing file, then retry
the export operation.</text>
+ <arg>fileName</arg>
+ </msg>
+ <msg>
+ <name>XIE0T.S</name>
+ <text>The export operation was not performed, because the
specified large object auxiliary file ({0}) already exists. Export processing
will not overwrite an existing file, even if the process has permissions to
write to that file, due to security concerns, and to avoid accidental file
damage. Please either change the large object auxiliary file name in the export
procedure arguments to specify a file which does not exist, or delete the
existing file, then retry the export operation.</text>
+ <arg>fileName</arg>
+ </msg>
> Prevent export from overwriting existing files
> ----------------------------------------------
>
> Key: DERBY-2925
> URL: https://issues.apache.org/jira/browse/DERBY-2925
> Project: Derby
> Issue Type: Sub-task
> Components: Security, Tools
> Affects Versions: 10.1.2.1, 10.2.2.0, 10.3.1.3, 10.4.0.0
> Reporter: Kathey Marsden
> Assignee: Ramin Moazeni
> Attachments: DERBY-2925v0.diff, DERBY-2925v0.stat, DERBY-2925v1.diff,
> DERBY-2925v1.stat
>
>
> Export should not overwrite existing files, but rather insist that the user
> remove them before writing to the file. This will help prevent accidental or
> intentional corruption of the database with export. This may introduce a
> compatibility issue with export but because export is usually an attended
> utility and not typically invoked as part of an application, I think the risk
> is worth the additional security this will provide.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
