[
https://issues.apache.org/jira/browse/DERBY-5792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13486299#comment-13486299
]
Rick Hillegas commented on DERBY-5792:
--------------------------------------
I have buddy-tested this feature against the user documentation. As far as I
can tell, the feature behaves as described by the user documentation (see the
script below). In addition, I was not able to discover any new defects which
are not also shared with re-encryption. However, I believe that un-encryption
and re-encryption share some defects which we should address. I have logged the
following bugs:
DERBY-5968 - A failed connection attempt may nevertheless manage to boot the database.
DERBY-5969 - Re-encryption and un-encryption silently fail if the database is already booted.
DERBY-5970 - Check that connection attributes have legal values.
connect 'jdbc:derby:db;create=true;user=test_dbo;dataEncryption=true;bootPassword=foobarwibblewombat';
call syscs_util.syscs_create_user( 'test_dbo', 'test_dbopassword' );
call syscs_util.syscs_create_user( 'fred', 'fredpassword' );
call syscs_util.syscs_backup_database_and_enable_log_archive_mode( 'backups', 0 );
-- shutdown the database
connect 'jdbc:derby:db;shutdown=true';
-- need the bootpassword to boot the database
connect 'jdbc:derby:db;user=fred;password=fredpassword';
select count(*) from sys.systables;
connect 'jdbc:derby:db;user=fred;password=fredpassword;bootPassword=foobarwibblewombat';
select count(*) from sys.systables;
-- only the dbo can shutdown the database
connect 'jdbc:derby:db;shutdown=true;user=fred;password=fredpassword';
connect 'jdbc:derby:db;shutdown=true;user=test_dbo;password=test_dbopassword';
-- only the dbo can unencrypt the database
connect 'jdbc:derby:db;user=fred;password=fredpassword;bootPassword=foobarwibblewombat;decryptDatabase=true';
select count(*) from sys.systables;
-- although the connection failed, the database is now booted so we need to
-- shut it down. see DERBY-5968 and DERBY-5969.
connect 'jdbc:derby:db;shutdown=true;user=test_dbo;password=test_dbopassword';
-- should fail because log archive mode is turned on
connect 'jdbc:derby:db;user=test_dbo;password=test_dbopassword;bootPassword=foobarwibblewombat;decryptDatabase=true';
select count(*) from sys.systables;
-- turn off log archival mode
connect 'jdbc:derby:db;user=test_dbo;password=test_dbopassword;bootPassword=foobarwibblewombat';
call syscs_util.syscs_disable_log_archive_mode( 0 );
-- shutdown the database
connect 'jdbc:derby:db;shutdown=true;user=test_dbo;password=test_dbopassword';
-- try a bad setting for decryptDatabase. silently ignored. see DERBY-5970.
connect 'jdbc:derby:db;user=test_dbo;password=test_dbopassword;bootPassword=foobarwibblewombat;decryptDatabase=fred';
-- shutdown the database
connect 'jdbc:derby:db;shutdown=true;user=test_dbo;password=test_dbopassword';
-- fails because the database was not decrypted
connect 'jdbc:derby:db;user=fred;password=fredpassword';
select count(*) from sys.systables;
-- now unencryption should work
connect 'jdbc:derby:db;user=test_dbo;password=test_dbopassword;bootPassword=foobarwibblewombat;decryptDatabase=true';
select count(*) from sys.systables;
-- shutdown the database
connect 'jdbc:derby:db;shutdown=true;user=test_dbo;password=test_dbopassword';
-- now anyone can boot the database without a bootpassword
connect 'jdbc:derby:db;user=fred;password=fredpassword';
select count(*) from sys.systables;
> Make it possible to turn off encryption on an already encrypted database.
> -------------------------------------------------------------------------
>
> Key: DERBY-5792
> URL: https://issues.apache.org/jira/browse/DERBY-5792
> Project: Derby
> Issue Type: Improvement
> Components: JDBC, Store
> Affects Versions: 10.10.0.0
> Reporter: Rick Hillegas
> Assignee: Kristian Waagan
> Attachments: derby-5792-1a-boilerplate_and_preparation.diff,
> derby-5792-1b-boilerplate_and_preparation.diff,
> derby-5792-2a-decryptdatabasetest.diff,
> derby-5792-3a-decryption_feature.diff, derby-5792-4a-crash_and_dbo.diff,
> derby-5792-4b-crash_and_dbo.diff,
> derby-5792-5a-old_container_removal_cleanup.diff,
> derby-5792-5b-old_container_removal_cleanup.diff
>
>
> Currently, you can encrypt an unencrypted database and you can change the
> encryption key on an already encrypted database. However, Derby does not
> expose a way to turn off (unencrypt) an already encrypted database.
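
A pre-flight lint for the DERBY-5970 behaviour shown in the script above, where decryptDatabase=fred is silently ignored (an added example, not part of the original message or of Derby's code). It assumes that only the four attributes the script uses as booleans need checking and that true/false are their only legal values; the function names and the sample input are constructed for illustration.

```python
import re

# Attributes the script above uses as booleans.
# Assumption: "true"/"false" (any case) are the only legal values for them.
BOOLEAN_ATTRS = {"create", "shutdown", "dataEncryption", "decryptDatabase"}

# \s+ also matches a newline, so a wrapped "connect" / "'jdbc:...'" pair is found.
CONNECT_RE = re.compile(r"connect\s+'(jdbc:derby:[^']*)'", re.IGNORECASE)


def parse_attributes(url):
    """Split a jdbc:derby URL into (database name, [(attribute, value), ...])."""
    db, *pairs = url[len("jdbc:derby:"):].split(";")
    attrs = []
    for pair in pairs:
        if pair:
            name, _, value = pair.partition("=")
            attrs.append((name.strip(), value.strip()))
    return db, attrs


def lint_url(url):
    """Return a list of problems for one connection URL (empty list = clean)."""
    problems, seen = [], set()
    for name, value in parse_attributes(url)[1]:
        if name in seen:
            problems.append(f"duplicate attribute {name}")
        seen.add(name)
        if name in BOOLEAN_ATTRS and value.lower() not in ("true", "false"):
            problems.append(f"{name}={value!r} is not true/false")
    return problems


def lint_script(text):
    """Return [(url, problems)] for every ij connect statement with findings."""
    found = ((m.group(1), lint_url(m.group(1))) for m in CONNECT_RE.finditer(text))
    return [(url, problems) for url, problems in found if problems]


# Constructed sample: three connect statements taken from the script above.
SAMPLE = """
connect 'jdbc:derby:db;user=test_dbo;password=test_dbopassword;bootPassword=foobarwibblewombat;decryptDatabase=fred';
connect
'jdbc:derby:db;user=test_dbo;password=test_dbopassword;bootPassword=foobarwibblewombat;decryptDatabase=true';
connect 'jdbc:derby:db;shutdown=true;user=test_dbo;password=test_dbopassword';
"""

if __name__ == "__main__":
    for url, problems in lint_script(SAMPLE):
        print(url, "->", "; ".join(problems))
```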