[jira] Commented: (DERBY-4328) The Developer's Guide falsely claims that you can use SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY to change the boot password on an encrypted database.

[Rick Hillegas (JIRA)]

    [ 
https://issues.apache.org/jira/browse/DERBY-4328?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12744105#action_12744105
 ] 

Rick Hillegas commented on DERBY-4328:
--------------------------------------

Thanks for pointing this out, Knut. I can verify that the following script runs 
as expected:

connect 
'jdbc:derby:memory:encdbcbc_128;create=true;dataEncryption=true;encryptionKeyLength=128;encryptionAlgorithm=AES/CBC/NoPadding;bootPassword=Thursday';
create table t1(i1 int);
insert into t1 values ( 1);
select * from t1;
call SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('bootPassword', 'Thursday , 
Saturday');
disconnect;
connect 'jdbc:derby:memory:encdbcbc_128;shutdown=true';

-- should fail
connect 
'jdbc:derby:memory:encdbcbc_128;dataEncryption=true;encryptionKeyLength=128;encryptionAlgorithm=AES/CBC/NoPadding;bootPassword=Thursday';

-- should succeed
connect 
'jdbc:derby:memory:encdbcbc_128;dataEncryption=true;encryptionKeyLength=128;encryptionAlgorithm=AES/CBC/NoPadding;bootPassword=Saturday';
select * from t1;
disconnect;

But now I don't understand how the passwords are supposed to be escaped if they 
contain commas or end in whitespace. It doesn't appear to me that the code 
addresses this issue. The second argument is parsed into old and new passwords 
by JCECipherFactory.changeBootPassword(). That method seems to just look for 
the first comma, then trims all the trailing whitespace off of the first boot 
password. See this script:

connect 
'jdbc:derby:memory:encdbcbc_128;create=true;dataEncryption=true;encryptionKeyLength=128;encryptionAlgorithm=AES/CBC/NoPadding;bootPassword=Thursday
 ,';
create table t1(i1 int);
insert into t1 values ( 1);
select * from t1;

-- this fails to parse the old boot password
call SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('bootPassword', 'Thursday , , 
Saturday');
disconnect;
connect 'jdbc:derby:memory:encdbcbc_128;shutdown=true';

-- succeeds
connect 
'jdbc:derby:memory:encdbcbc_128;dataEncryption=true;encryptionKeyLength=128;encryptionAlgorithm=AES/CBC/NoPadding;bootPassword=Thursday
 ,';
select * from t1;
disconnect;

-- fails
connect 
'jdbc:derby:memory:encdbcbc_128;dataEncryption=true;encryptionKeyLength=128;encryptionAlgorithm=AES/CBC/NoPadding;bootPassword=Saturday';

If someone wants to re-instate this documentation, then I think that the new 
documentation should address the escaping topic. I can see a couple resolutions 
of this issue:

1) Leave the situation as it is. Don't re-instate this documentation. Users can 
continue to change the boot password using the currently documented technique. 
The currently documented technique may have its own escaping issues involving 
semicolons.

2) Re-instate the documentation with a note that this technique will not work 
for boot passwords which contain commas or end in whitespace.

3) Invent some escaping syntax, wire it into JCECipherFactory, then describe 
that in the re-instated documentation. If we go this route, then we may want to 
make the escaping syntax work for the other (currently documented) technique 
for changing boot passwords.


> The Developer's Guide falsely claims that you can use 
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY to change the boot password on an 
> encrypted database.
> --------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4328
>                 URL: https://issues.apache.org/jira/browse/DERBY-4328
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>            Reporter: Rick Hillegas
>            Assignee: Rick Hillegas
>             Fix For: 10.5.3.0
>
>         Attachments: derby-4328-01-aa-removeFalseReencryptionClaim.diff
>
>
> This claim is made in the section titled 'Changing the boot password'. If you 
> try to run the example, you get this error:
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY( 'bootPassword', 'Thursday' , 
> 'Saturday');
> ERROR 42Y03: 'SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY' is not recognized as a 
> function or procedure.
> The correct way to change the boot password is documented earlier on in the 
> section titled 'Encrypting databases with a new boot password'. We should 
> remove the section titled 'Changing the boot password'.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.