You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Knut Anders Hatlen (JIRA)" <ji...@apache.org> on 2012/10/30 15:44:12 UTC

[jira] [Commented] (DERBY-5970) Check that connection attributes have legal values.

    [ https://issues.apache.org/jira/browse/DERBY-5970?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13486915#comment-13486915 ] 

Knut Anders Hatlen commented on DERBY-5970:
-------------------------------------------

Looks like a good improvement to me.

I'm wondering if it would be slightly more robust to use the case-insensitive Boolean.valueOf(String) library method instead of converting to lower case manually, in case there should be some exotic locale where lower-casing "TRUE" doesn't behave as one would expect (something similar to Turkish, where lower case of "I" is not "i").
                
> Check that connection attributes have legal values.
> ---------------------------------------------------
>
>                 Key: DERBY-5970
>                 URL: https://issues.apache.org/jira/browse/DERBY-5970
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.10.0.0
>            Reporter: Rick Hillegas
>         Attachments: derby-5970-01-aa-vetDecryptDatabaseValue.diff
>
>
> At boot time, Derby does not check whether connection attributes are set to legal values. This can cause them to be silently ignored. In the case of security operations like re(un)encryption, these silent failures deceive the DBO into thinking that the security behavior of the database has changed when, in fact, it hasn't. We should do the following:
> 1) Prevent decryptDatabase from being set to an illegal value. Since this is a new attribute, there are no backward compatibility issues.
> 2) Evaluate other attributes on a case-by-case basis to determine which ones should raise exceptions if they are set to illegal values. Technically, this may result in backwardly incompatible behavior. However, I think that for most attributes, we will decide that the incompatibility is minor and is a welcome bugfix.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira