Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enhance control upon ability to share database crypt key between attachments in SS [CORE5442] #5713

Closed
firebird-issue-importer opened this issue Jan 9, 2017 · 8 comments

Comments

@firebird-issue-importer
Copy link

firebird-issue-importer commented Jan 9, 2017

Submitted by: @AlexPeshkoff

Jira_subtask_inward CORE5472

Currently in case of SS architecture the first attachment which passed correct dbcrypt key works as unlocker for all further attachments - database key on SS is shared among all attachments using same DBB. In some cases (distributed encrypted databases) such behavior is highly undesired. Initially I've supposed that all functionality related with reject of key-less attachments may be implemented by KeyHolder plugin. Unfortunately such plugin in many cases can't efficiently distinguish between bad and correct key, provided by an attachment. Moreover, the only reliable way to check is a key correct is to pass it to DbCrypt plugin and ask it to validate a key. That task can be performed only by CryptoManager code (only it has all required information about loaded plugins). KeyHolder plugin must just inform CryptoManager about a kind of provided key - should it be use only by own attachments or may be shared between attachments.

Commits: ef2fbab e722a40

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jan 9, 2017

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jan 9, 2017

Commented by: @aafemt

That's the way CryptoManager works in Avalerion.

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jan 9, 2017

Commented by: @AlexPeshkoff

How does KeyHolder instruct CryptoManager about key kind in Avalerion?

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Feb 15, 2017

Modified by: @AlexPeshkoff

issuetype: Improvement [ 4 ] => Sub-task [ 5 ]

Parent: CORE5472 [ 21621 ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Feb 15, 2017

Commented by: @AlexPeshkoff

Fix for CORE5472 means fix for this issue
Both are related with keys management

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Mar 16, 2017

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 3.0.2 [ 10785 ]

Fix Version: 4.0 Alpha 1 [ 10731 ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Mar 16, 2017

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: No test => Cannot be tested

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Mar 16, 2017

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Closed [ 6 ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment