Posted to derby-dev@db.apache.org by "Rick Hillegas (JIRA)" <ji...@apache.org> on 2017/06/15 01:37:00 UTC

[jira] [Commented] (DERBY-2925) Prevent export from overwriting existing files

    [ https://issues.apache.org/jira/browse/DERBY-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16049897#comment-16049897 ] 

Rick Hillegas commented on DERBY-2925:
--------------------------------------

This issue was tracked by CVE-2010-2232 along with the documentation improvement at https://issues.apache.org/jira/browse/DERBY-4708. The fixes appeared in Derby version 10.6.2.1 (see http://db.apache.org/derby/releases/release-10.6.2.1.html), which was released on 2010-10-05.

> Prevent export from overwriting existing files
> ----------------------------------------------
>
>                 Key: DERBY-2925
>                 URL: https://issues.apache.org/jira/browse/DERBY-2925
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Tools
>    Affects Versions: 10.1.2.1, 10.2.2.0, 10.3.1.4, 10.4.1.3
>            Reporter: Kathey Marsden
>            Assignee: Ramin Moazeni
>             Fix For: 10.3.1.4, 10.4.1.3, 10.6.2.1, 10.7.1.1
>
>         Attachments: derby-2925-07-aa-fileUrl.diff, DERBY-2925v0.diff, DERBY-2925v0.stat, DERBY-2925v1.diff, DERBY-2925v1.stat, DERBY-2925v2.diff, DERBY-2925v2.stat, DERBY-2925v3.diff, DERBY-2925v3.stat, DERBY-2925v4.diff, DERBY-2925v4.stat, DERBY-2925v5.diff, DERBY-2925v5.stat, DERBY-2925v6.diff, DERBY-2925v6.stat, releaseNote.html, releaseNotev0.html
>
>
> Export should not overwrite existing files, but rather insist that the user remove them before writing to the file.  This will help prevent accidental or intentional corruption of the database with export.  This may introduce a compatibility issue with export but because export is usually an attended utility and not typically invoked as part of an application, I think the risk is worth the additional security this will provide.


