[ http://issues.apache.org/jira/browse/DERBY-1636?page=comments#action_12429100 ] Suresh Thalamati commented on DERBY-1636: -----------------------------------------
Thanks a lot Laura. I have few minor comments, It would be great if you can make the following changes. Developers Guide: ------------------ tdevcsecurenewbootpw.html : (Encrypting databases with a new boot password) ----------- 1) one case where new boot password can not be used is not mentioned here. (It is documented in the external case). please add the following too : " If the database is configured with log archival for roll-forward recovery, you must disable log archival before you can encrypt the database with a new boot password. " 2) additional disk space requirement is not mentioned here. ( it is documented in the external key) "Recommendation: Ensure that you have enough free disk space before you encrypt a database with a new boot password. In addition to the disk space required for the current size of the database, temporary disk space is required to store the old version of the data to restore the database back to it's original state if the new encryption is interrupted or returns errors. All of the temporary disk space is released back to the operating system after the database is reconfigured to work with the new boot password." 3) "To encrypting" does not sound good: can we change it to : "To encrypt a database with a new boot password: tdevcsecurenewextkey.html : (Encrypting databases with a new external key ) 1) Following point about backup recommendation is out of place, please move it to before the example. " If you disabled log archival before you applied the new encryption key, create a new backup of the database after the database is reconfigured with new the encryption key. " tdevcsecureunencrypteddb.html (Encrypting an existing database) --------------------------------------------------------------- 1) please move the last point about the backup to before the example, it looks out of context immediately after the example: " If you disabled log archival before you encrypted the database, create a new backup of the database after the database is encrypted. " cdevcsecure97760.html (Working with encryption) --------------------------------------------------- 1) Following sentence is not necessary in (Encrypting databases with a new external key link) "The new encryption key encrypts the database, including the existing data" Reference Manual : ------------------ rrefattrib60346.html (encryptionAlgorithm=algorithm) " Combining with other attributes The encryptionAlgorithm attribute must be combined with the bootPassword=key, dataEncryption=true, and encryptionProvider=providerName attributes. " encryptionProvider is not must to specify and encryptionAlgorithm. Above sentence should be changed to something like : The encryptionAlgorithm attribute must be combined with the bootPassword=key, dataEncryption=true attributes. You have the option of also specifying encryptionProvider=providerName attribute to specify the encryption provider of the algorithm. rrefattribnewencryptkey.html (newEncryptionKey= <new encryption key>) ------------------------------------------------------------------- look like reference link is messed up in the following sentence. " The newEncryptionKey attribute must be combined with the rrefattribencryptkey.html#rrefattribencryptkey attribute. " > document encryption of an un-encrypted database and re-encryption with new > password/key. > ------------------------------------------------------------------------------------------ > > Key: DERBY-1636 > URL: http://issues.apache.org/jira/browse/DERBY-1636 > Project: Derby > Issue Type: Improvement > Components: Documentation > Affects Versions: 10.2.1.0 > Reporter: Suresh Thalamati > Assigned To: Laura Stewart > Fix For: 10.2.1.0 > > Attachments: derby1636_devguide.diff, derby1636_devguide_html.zip, > derby1636_ref.diff, derby1636_ref_html.zip, reencrypt_devgudechanges.txt, > reencryptspec_1.html > > > document encryption of an un-encrypted database and re-encryption with new > password/key. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira