Issue Details (XML | Word | Printable)

Key: CORE-5442
Type: Sub-task Sub-task
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Alexander Peshkov
Reporter: Alexander Peshkov
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Firebird Core
CORE-5472

Enhance control upon ability to share database crypt key between attachments in SS

Created: 09/Jan/17 04:24 PM   Updated: 16/Mar/17 05:29 PM
Component/s: Engine
Affects Version/s: 4.0 Initial, 3.0.0, 3.0.1
Fix Version/s: 3.0.2, 4.0 Alpha 1

Environment: SS

QA Status: Cannot be tested


 Description  « Hide
Currently in case of SS architecture the first attachment which passed correct dbcrypt key works as unlocker for all further attachments - database key on SS is shared among all attachments using same DBB. In some cases (distributed encrypted databases) such behavior is highly undesired. Initially I've supposed that all functionality related with reject of key-less attachments may be implemented by KeyHolder plugin. Unfortunately such plugin in many cases can't efficiently distinguish between bad and correct key, provided by an attachment. Moreover, the only reliable way to check is a key correct is to pass it to DbCrypt plugin and ask it to validate a key. That task can be performed only by CryptoManager code (only it has all required information about loaded plugins). KeyHolder plugin must just inform CryptoManager about a kind of provided key - should it be use only by own attachments or may be shared between attachments.


 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Dimitry Sibiryakov added a comment - 09/Jan/17 04:33 PM
That's the way CryptoManager works in Avalerion.

Alexander Peshkov added a comment - 09/Jan/17 04:41 PM - edited
How does KeyHolder instruct CryptoManager about key kind in Avalerion?

Alexander Peshkov added a comment - 15/Feb/17 02:31 PM - edited
Fix for CORE-5472 means fix for this issue
Both are related with keys management