Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enhance control upon ability to share database crypt key between attachments in SS [CORE5442] #5713

Closed
firebird-automations opened this issue Jan 9, 2017 · 8 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @AlexPeshkoff

Jira_subtask_inward CORE5472

Currently in case of SS architecture the first attachment which passed correct dbcrypt key works as unlocker for all further attachments - database key on SS is shared among all attachments using same DBB. In some cases (distributed encrypted databases) such behavior is highly undesired. Initially I've supposed that all functionality related with reject of key-less attachments may be implemented by KeyHolder plugin. Unfortunately such plugin in many cases can't efficiently distinguish between bad and correct key, provided by an attachment. Moreover, the only reliable way to check is a key correct is to pass it to DbCrypt plugin and ask it to validate a key. That task can be performed only by CryptoManager code (only it has all required information about loaded plugins). KeyHolder plugin must just inform CryptoManager about a kind of provided key - should it be use only by own attachments or may be shared between attachments.

Commits: ef2fbab e722a40

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @aafemt

That's the way CryptoManager works in Avalerion.

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

How does KeyHolder instruct CryptoManager about key kind in Avalerion?

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

issuetype: Improvement [ 4 ] => Sub-task [ 5 ]

Parent: CORE5472 [ 21621 ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

Fix for CORE5472 means fix for this issue
Both are related with keys management

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 3.0.2 [ 10785 ]

Fix Version: 4.0 Alpha 1 [ 10731 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: No test => Cannot be tested

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Closed [ 6 ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment