[ https://issues.apache.org/jira/browse/DERBY-4030?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12667839#action_12667839 ]
Dag H. Wanvik commented on DERBY-4030:
--------------------------------------
> Does it mean that data is no more encrypted if a user who is not the
> owner writes data ? I don't think it's the case as it would be quite
> odd.
Once a database is encrypted, it will remain so. The issue here only
concerns what happens when the database is booted for the first time
with the encryption property set to true (at creation time or later; both are
possible).

The boot which first encrypts the database must be done by the database owner.
Later boots can be performed by all authenticated users by supplying the boot
password.

This means that for a non-database owner connection, you should not
supply the encryption property (just make sure the database is
already encrypted, either at creation time, or by a database owner
connection before you open up for non-database owner connections).

[Note: you can also re-encrypt a database - this must also be done by
the database owner.
http://db.apache.org/derby/docs/10.4/devguide/tdevcsecurenewbootpw.html]

Hope this helps!
> Derby tried to reencrypt DB when other than owner connects
> ----------------------------------------------------------
>
> Key: DERBY-4030
> URL: https://issues.apache.org/jira/browse/DERBY-4030
> Project: Derby
> Issue Type: Bug
> Components: JDBC
> Affects Versions: 10.4.2.0
> Environment: Linux 2.6.27.7 #3 SMP Sun Nov 30 17:18:23 CET 2008
> x86_64 AMD Turion(tm) 64 X2 Mobile Technology TL-60 GNU/Linux
> java version "1.6.0_10"
> Java(TM) SE Runtime Environment (build 1.6.0_10-b33)
> Java HotSpot(TM) 64-Bit Server VM (build 11.0-b15, mixed mode)
> Reporter: EDAH-TALLY
> Attachments: DerbyIssue3.java
>
>
> DB : with requireAuthentication and SQLAuthorization enabled
> DB owner connects painlessly
> Another user tries to connect : first connection fails with Connection
> Exception 08004 :
> User '<authorizationID>' cannot (re)encrypt database '<databaseName>'. Only
> the database owner can perform this operation.
> StackTrace :
> java.sql.SQLNonTransientConnectionException: L'utilisateur 'OTHERUSER' ne peut pas (réen)coder la base de données '/tmp/DerbyIssue3'. Seul le propriétaire de la base de données est habilité à effectuer cette opération.
>     at org.apache.derby.impl.jdbc.SQLExceptionFactory40.getSQLException(Unknown Source)
>     at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
>     at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
>     at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Unknown Source)
>     at org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(Unknown Source)
>     at org.apache.derby.impl.jdbc.EmbedConnection.checkIsDBOwner(Unknown Source)
>     at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source)
>     at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(Unknown Source)
>     at org.apache.derby.impl.jdbc.EmbedConnection40.<init>(Unknown Source)
>     at org.apache.derby.jdbc.Driver40.getNewEmbedConnection(Unknown Source)
>     at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source)
>     at org.apache.derby.jdbc.AutoloadedDriver.connect(Unknown Source)
>     at java.sql.DriverManager.getConnection(DriverManager.java:582)
>     at java.sql.DriverManager.getConnection(DriverManager.java:154)
>     at DerbyIssue3.connect(DerbyIssue3.java:83)
>     at DerbyIssue3.main(DerbyIssue3.java:26)
> Caused by: java.sql.SQLException: L'utilisateur 'OTHERUSER' ne peut pas (réen)coder la base de données '/tmp/DerbyIssue3'. Seul le propriétaire de la base de données est habilité à effectuer cette opération.
>     at org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(Unknown Source)
>     at org.apache.derby.impl.jdbc.SQLExceptionFactory40.wrapArgsForTransportAcrossDRDA(Unknown Source)
>     ... 16 more
> Second connection in same running JVM succeeds.
> The other user seems to work normally afterwards.
> Sample program is attached to reproduce the exception.
> Don't know if it has already been reported, didn't find a similar one.
> Thank you for investigating.
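
The boot sequence described in the comment above, as an added example that is not part of the original message and is not the attached DerbyIssue3.java: the owner performs the encrypting boot, another user then boots with the boot password only, and the same user adding `dataEncryption=true` is refused. The database path, user names, passwords and boot password are constructed, and defining BUILTIN users through system properties is an assumption about the setup.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

public class EncryptedBootExample {
    // Constructed values for illustration only.
    static final String DB = "jdbc:derby:/tmp/encryptedBootExample";
    static final String BOOT = ";bootPassword=constructedBootPw1";

    static Connection open(String attrs, String user, String pw) throws SQLException {
        return DriverManager.getConnection(DB + attrs, user, pw);
    }

    // Shut the database down so that the next connection has to boot it again.
    static void shutdown() throws SQLException {
        try {
            open(";shutdown=true", "dbowner", "ownerpw");
        } catch (SQLException e) {
            if (!"08006".equals(e.getSQLState())) throw e; // 08006 = clean database shutdown
        }
    }

    public static void main(String[] args) throws SQLException {
        // Authentication and SQL authorization, as in the report (BUILTIN users are assumed).
        System.setProperty("derby.connection.requireAuthentication", "true");
        System.setProperty("derby.authentication.provider", "BUILTIN");
        System.setProperty("derby.database.sqlAuthorization", "true");
        System.setProperty("derby.user.dbowner", "ownerpw");
        System.setProperty("derby.user.otheruser", "otherpw");

        // 1. The owner performs the boot that first encrypts the database.
        open(";create=true;dataEncryption=true" + BOOT, "dbowner", "ownerpw").close();
        shutdown();

        // 2. A later boot by another authenticated user: boot password only.
        open(BOOT, "otheruser", "otherpw").close();
        System.out.println("non-owner booted the encrypted database");
        shutdown();

        // 3. The same user adding dataEncryption=true asks for an encryption boot,
        //    which the report shows being refused with SQLState 08004.
        try {
            open(";dataEncryption=true" + BOOT, "otheruser", "otherpw").close();
            System.out.println("connected without an encryption boot");
        } catch (SQLException e) {
            System.out.println("refused: SQLState " + e.getSQLState());
        }
    }
}
```

Run it with the embedded Derby jar on the classpath and a fresh database path, since `create=true` on an existing database only connects to it.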