[
https://issues.apache.org/jira/browse/DERBY-4428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12771475#action_12771475
]
Rick Hillegas commented on DERBY-4428:
--------------------------------------
Thanks for working on this, Kristian. Some comments follow:
> - the delete mechanism is generic (all storage factories that are writable).
> Should the feature be in-memory specific, or also be allowed for the on-disk
> back end?
I think the feature should be designed so that it can be extended to the
on-disk back end. However, I would treat on-disk back ends as a separate
JIRA--particularly because they have extra problems as evidenced by your
comment about the log.
> - authorization (currently it checks if the user is the database owner if
> authentication is on, doesn't require SQL authorization to be on).
I wonder if we need to check whether authentication is on? In an embedded
application with no authentication, the default DBO will be APP. I think that
in such a situation it would be attractive if APP could delete her in-memory
databases. In such a situation, I think it's enough to require that there be no
open connections to the database.
> - how to control/limit the creation of in-memory databases?
> (could be used for DoS attack on a server?)
I agree that there is a DoS attack here. It's related to the DoS attack allowed
by unlimited creation of on-disk databases, and compounded by the extra memory
which an in-memory database chews up. The half-checked-in work on system
privileges (DERBY-2109) defines a Java privilege for creating databases. That
privilege includes the specification of where you are allowed to create
databases. I believe that we should build on that work.
Thanks,
-Rick
> Add proper delete mechanism for in-memory databases
> ---------------------------------------------------
>
> Key: DERBY-4428
> URL: https://issues.apache.org/jira/browse/DERBY-4428
> Project: Derby
> Issue Type: Improvement
> Components: JDBC, Services, Store
> Affects Versions: 10.6.0.0
> Reporter: Kristian Waagan
> Assignee: Kristian Waagan
> Attachments: derby-4428-0a-preview_patch.diff
>
>
> The current mechanism for deleting in-memory databases isn't good enough, and
> a proper one must be added.
> It is also important to be able to delete in-memory databases, since they
> occupy valuable main memory that should be discarded when the database is no
> longer needed.
> I intend to implement the mechanism by using the JDBC connection URL:
> "jdbc:derby:memory:myDatabase;delete=true[;user=X;password=Y]"
> The connection attempt will throw an exception in any case, either because
> the request failed or because it succeeded.
> Reasons for a failure can be invalid user and/or password, lacking encryption
> attributes, or conflicting attributes.
> For the time being, only the database owner will be allowed to delete
> databases (*note*: do we have a way to control/limit in-memory database
> creation?)