On 10/17/12 10:18 AM, Rick Hillegas wrote:
When Kristian implemented database unencryption, I believe that he
just piggybacked on top of the existing re-encryption logic. This
means that unencryption records an EncryptContainerUndoOperation in
the transaction log just as re-encryption does. Does anyone see a
compelling reason to create a new UnencryptContainerUndoOperation for
unencryption in order to distinguish it from re-encryption?
Thanks,
-Rick
Here is my opinion. Derby now supports 3 encryption-related state
transitions:
1) Unencrypted -> Encrypted
2) Encrypted -> Re-encrypted
3) Encrypted -> Unencrypted
Encryption has been part of Derby since it was open-sourced. In that
period it has been sufficient to use one log entry format for both (1)
and (2). That suggests we're not going to need another log entry format
for (3). We can always write upgrade logic if we ever need to introduce
a new log entry format in order to tease apart these state transitions.
Creating a new log entry format strikes me as a chunk of work that is
not motivated by any compelling evidence. So I recommend that we stick
with what Kristian has done and use the same log entry format for all
three state transitions.
Thanks,
-Rick
