>> Prevent export from overwriting existing files
>> ----------------------------------------------
>>
>> Key: DERBY-2925
>> URL: https://issues.apache.org/jira/browse/DERBY-2925
>> Project: Derby
>> Issue Type: Sub-task
>> Components: Security, Tools
>> Affects Versions: 10.1.2.1, 10.2.2.0, 10.3.1.3, 10.4.0.0
>> Reporter: Kathey Marsden
>> Assignee: Ramin Moazeni
>>
>> Export should not overwrite existing files, but rather insist that
>> the user remove them before writing to the file. This will help
>> prevent accidental or intentional corruption of the database with
>> export. This may introduce a compatibility issue with export but
>> because export is usually an attended utility and not typically
>> invoked as part of an application, I think the risk is worth the
>> additional security this will provide.
I am not sure a blanket prohibition on exporting to existing files is the best approach. Apart from the compatibility issue, I would say there is a usability issue as well; I know I never use "noclobber" in my UNIX shell settings ;) I think what we are trying to achieve here is to protect the database files. Couldn't a separate jar for this part of the code solve the issue (with a policy only allowing writes to a dedicated export directory by default)? If a separate jar is considered undesirable, one could limit the export to a relative file path and always require that it contain an export directory as its first path element, say "export". Just my 0.02 cents; please forgive me if I missed some context discussions here.
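The second proposal in the comment above (a relative path whose first element is a dedicated "export" directory) is easy to get wrong if the check is done on the raw string, because "export/../seg0/c10.dat" starts with "export" but ends up in the database directory. The following is an added illustration of how such a check can be written, not Derby's own code; the class name `ExportPathCheck`, the method `checkExportTarget`, the directory name "export" and the policy fragment in the comment are all assumptions chosen for the example.

```java
import java.io.IOException;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Hypothetical validator for an export target (example code, not part of Derby).
 *
 * Rule: the target must be a relative path whose first element, after
 * lexical normalization, is the dedicated export directory, and it must
 * name a file inside that directory rather than the directory itself.
 *
 * If the export code were shipped in its own jar, a policy like the
 * following (assumed, adjust to the real codeBase) would make the
 * restriction enforced by the JVM rather than by this lexical check:
 *
 *   grant codeBase "file:${derby.install.url}/derbyexport.jar" {
 *       permission java.io.FilePermission "${user.dir}${/}export${/}-", "write";
 *   };
 */
public final class ExportPathCheck {

    /** Name of the directory every export must land in (assumed). */
    static final String EXPORT_DIR = "export";

    private ExportPathCheck() {}

    /**
     * Returns the normalized relative path if it is an acceptable export
     * target, otherwise throws IOException with a reason.
     */
    public static Path checkExportTarget(String fileName) throws IOException {
        if (fileName == null || fileName.isEmpty()) {
            throw new IOException("export file name must not be empty");
        }
        final Path p;
        try {
            p = Paths.get(fileName);
        } catch (InvalidPathException e) {
            throw new IOException("malformed export file name: " + fileName, e);
        }
        // Absolute paths, and on Windows also rooted or drive-relative ones
        // such as "\\server\share\x" or "C:x", can point anywhere, including
        // into the database directory. Reject anything that has a root.
        if (p.isAbsolute() || p.getRoot() != null) {
            throw new IOException("export file name must be relative: " + fileName);
        }
        // Collapse "." and ".." lexically before inspecting the first element.
        // "export/../seg0/c10.dat" becomes "seg0/c10.dat" and fails below;
        // "../export/x" keeps its leading ".." and also fails.
        Path norm = p.normalize();
        if (norm.getNameCount() < 2) {
            throw new IOException("export target must be a file inside '"
                    + EXPORT_DIR + "/': " + fileName);
        }
        if (!norm.getName(0).toString().equals(EXPORT_DIR)) {
            throw new IOException("export target must start with '" + EXPORT_DIR
                    + "/': " + fileName);
        }
        // Note: this is a purely lexical check. A symbolic link placed inside
        // the export directory could still point elsewhere; only a file
        // permission enforced by the security policy closes that hole.
        return norm;
    }

    /** Small demonstration on constructed inputs. */
    public static void main(String[] args) {
        String[] samples = {
            "export/customers.dat",        // accepted
            "export/./2007/orders.dat",    // accepted as export/2007/orders.dat
            "export",                      // rejected: the directory itself
            "export/../seg0/c10.dat",      // rejected: escapes via ".."
            "../export/x.dat",             // rejected: leading ".."
            "/tmp/export/x.dat",           // rejected: absolute
            "seg0/c10.dat"                 // rejected: not under export/
        };
        for (String s : samples) {
            try {
                System.out.println("OK      " + s + " -> " + checkExportTarget(s));
            } catch (IOException e) {
                System.out.println("REJECT  " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check deliberately normalizes before comparing, so the caller should open the returned normalized path rather than the original string; opening the original would reintroduce the traversal the check just refused.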
