cayenne-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrus Adamchik (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CAY-2019) Optimistic locking always fails on CRYPTO columns
Date Tue, 30 Jun 2015 06:08:05 GMT

    [ https://issues.apache.org/jira/browse/CAY-2019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14607562#comment-14607562
] 

Andrus Adamchik commented on CAY-2019:
--------------------------------------

We certainly need to fix the leak of plaintext in this case. 

Though I think you still won't be able to do optimistic locking on crypto columns. The use
of "IV" in CBC block cypher mode when run against the same  plaintext produces distinct values
on each run. This is good security, but makes it impossible to compare crypto values. Perhaps
we should offer a less secure alternative to CBC (like ECB?) that would allow  = / != comparisons.

> Optimistic locking always fails on CRYPTO columns
> -------------------------------------------------
>
>                 Key: CAY-2019
>                 URL: https://issues.apache.org/jira/browse/CAY-2019
>             Project: Cayenne
>          Issue Type: Bug
>          Components: Core Library
>    Affects Versions: 4.0.M2
>            Reporter: John Huss
>            Priority: Minor
>
> If you have optimistic locking turned on for columns that are configured to be encrypted
(named CRYPTO_*) then updates to those rows will always fail because it uses the unencrypted
value to check the optimistic locking, ie. WHERE encryptedColumn = <unencryptedValue>



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message