New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for database encryption callback [JDBC527] #561
Comments
Modified by: @mrotteveeldescription: Add basic support for handling database encryption callback (op_crypt_key_callback), supporting a fixed response with a value provided through a connection property. The implementation will not support pluggability, but will prepare for future plugin support. The connection property should take a base64 value, but it might be wise to prepare it for supporting additional types (maybe use dbCryptData=base64:<base64-value>, this could also allow for hex:<hex-value> and maybe <plain-value>). Support must be available for DriverManager and data sources. This should be implemented as an internal minimal plugin/SPI, which is created using the (string) value of dbCryptData, decoding the base64 would be the responsibility of this plugin(!). The implementation should call this plugin with the received server-data (+ size) and return the client-data (in this case the fixed value configured using dbCryptData, or null/empty if no value is provided. Choosing this implementation will allow building this out to support additional plugins in the future. Support for JNA will only be done if it is simple enough to do, otherwise a new ticket will be created for future addition. => Add basic support for handling database encryption callback (op_crypt_key_callback), supporting a fixed response with a value provided through a connection property. The implementation will not support pluggability, but will prepare for future plugin support. The connection property should take a base64 value, but it might be wise to prepare it for supporting additional types (maybe use dbCryptData=base64:<base64-value>, this could also allow for hex:<hex-value> and maybe <plain-value>). Support must be available for DriverManager and data sources. This should be implemented as an internal minimal plugin/SPI, which is created using the (string) value of dbCryptData, decoding the base64 would be the responsibility of this plugin(!). The implementation should call this plugin with the received server-data (+ size) and return the client-data (in this case the fixed value configured using dbCryptData, or null/empty if no value is provided). Choosing this implementation will allow building this out to support additional plugins in the future. Support for JNA will only be done if it is simple enough to do, otherwise a new ticket will be created for future addition. |
Modified by: @mrotteveelFix Version: Jaybird 3.0.4 [ 10861 ] Fix Version: Jaybird 4 [ 10441 ] Version: Jaybird 3.0.4 [ 10861 ] => Version: Jaybird 4 [ 10441 ] => |
Modified by: @mrotteveelComponent: JNI/JNA layer [ 10051 ] => |
Commented by: @mrotteveel Initial implementation done. Only supported in wire protocol v13, not in native/embedded. |
Modified by: @mrotteveelstatus: Resolved [ 5 ] => Closed [ 6 ] |
Submitted by: @mrotteveel
Add basic support for handling database encryption callback (op_crypt_key_callback), supporting a fixed response with a value provided through a connection property. The implementation will not support pluggability, but will prepare for future plugin support.
The connection property should take a base64 value, but it might be wise to prepare it for supporting additional types (maybe use dbCryptData=base64:<base64-value>, this could also allow for hex:<hex-value> and maybe <plain-value>). Support must be available for DriverManager and data sources.
This should be implemented as an internal minimal plugin/SPI, which is created using the (string) value of dbCryptData, decoding the base64 would be the responsibility of this plugin(!). The implementation should call this plugin with the received server-data (+ size) and return the client-data (in this case the fixed value configured using dbCryptData, or null/empty if no value is provided). Choosing this implementation will allow building this out to support additional plugins in the future.
Support for JNA will only be done if it is simple enough to do, otherwise a new ticket will be created for future addition.
Commits: df6d50b ccc512e
The text was updated successfully, but these errors were encountered: