Issue Details (XML | Word | Printable)

Key: JDBC-610
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Mark Rotteveel
Reporter: Mark Rotteveel
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Jaybird JDBC Driver

URL encoding clashes with base64 encoding values for dbCryptConfig

Created: 19/Jan/20 04:57 PM   Updated: 14/Mar/20 01:25 PM
Component/s: JDBC driver
Affects Version/s: Jaybird 4.0.0-beta-2, Jaybird 3.0.9
Fix Version/s: Jaybird 4, Jaybird 4.0.0, Jaybird 3.0.9


 Description  « Hide
The URL encoding added in JDBC-604 conflicts with the base64 encoding support for dbCryptConfig, as URL decoding will transform the + allowed in base64 to a space, which results in an incorrect decoding or a decoding error.

We need to find a way to allow both to coexist.

Options:
1. Do not URL decode values starting with prefix base64: (under the assumption that if the `:` is not encoded as `%3a`, the remainder of the value is also not URL encoded)
2. Reinstate the + after decoding by replacing any ` ` (0x20) with `+`, possibly error prone
3. Switch to Base64.getUrlDecoder() (which would be an incompatible change, and would be problematic with Java 7 compatibility)
4. Explicitly document this, and recommend people to escape the `+` using `%2b`

Option 4 is the simplest and most standard, option 1 is probably the most flexible.

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Mark Rotteveel made changes - 19/Jan/20 04:57 PM
Field Original Value New Value
Fix Version/s Jaybird 4 [ 10441 ]
Fix Version/s Jaybird 4.0.0 [ 10903 ]
Mark Rotteveel made changes - 19/Jan/20 05:05 PM
Description The URL encoding added in JDBC-604 conflicts with the base64 encoding support for dbCryptConfig, as URL decoding will transform the + allowed in base64 to a space, which results in an incorrect decoding or a decoding error.

We need to find a way to allow both to coexist.

Options:
1. Do not URL decode values starting with prefix base64: (under the assumption that if the `:` is not encoded as `%3a`, the remainder of the value is also not URL encoded)
2. Reinstate the + after decoding by replacing any ` ` (0x20) with `+`, possibly error prone
3. Switch to Base64.getUrlDecoder() (which would be an incompatible change, and would be problematic with Java 7 compatibility)

Option 1 is probably the least worst option
The URL encoding added in JDBC-604 conflicts with the base64 encoding support for dbCryptConfig, as URL decoding will transform the + allowed in base64 to a space, which results in an incorrect decoding or a decoding error.

We need to find a way to allow both to coexist.

Options:
1. Do not URL decode values starting with prefix base64: (under the assumption that if the `:` is not encoded as `%3a`, the remainder of the value is also not URL encoded)
2. Reinstate the + after decoding by replacing any ` ` (0x20) with `+`, possibly error prone
3. Switch to Base64.getUrlDecoder() (which would be an incompatible change, and would be problematic with Java 7 compatibility)
4. Explicitly document this, and recommend people to escape the `+` using `%2b`

Option 4 is the simplest and most standard, option 1 is probably the most flexible.
Mark Rotteveel added a comment - 20/Jan/20 09:10 AM
Chose option 4: documented issue in release notes

Mark Rotteveel made changes - 20/Jan/20 09:10 AM
Status Open [ 1 ] Resolved [ 5 ]
Resolution Fixed [ 1 ]
Mark Rotteveel added a comment - 24/Jan/20 05:58 PM
Documentation for 3.0.9 needs to be updated as well.

Mark Rotteveel made changes - 24/Jan/20 05:58 PM
Resolution Fixed [ 1 ]
Status Resolved [ 5 ] Reopened [ 4 ]
Mark Rotteveel made changes - 24/Jan/20 05:58 PM
Fix Version/s Jaybird 3.0.9 [ 10917 ]
Mark Rotteveel added a comment - 01/Mar/20 12:53 PM - edited
Updated 3.0.9 release notes

Mark Rotteveel made changes - 01/Mar/20 12:53 PM
Status Reopened [ 4 ] Resolved [ 5 ]
Resolution Fixed [ 1 ]
Mark Rotteveel made changes - 14/Mar/20 01:25 PM
Status Resolved [ 5 ] Closed [ 6 ]