  1. WiredTiger
  2. WT-4830

Tighten up rules for encryption of column groups and indices

    • Type: Improvement
    • Resolution: Fixed
    • Priority: Major - P3
    • WT3.2.1
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • 5
    • Storage Engines 2019-06-03

      As part of WT-4494, test_encrypt06.py began to fail, and it became hard to fix it in a sensible manner.  That test tries to predict what might happen in the circumstance where (for example) system-wide encryption is set up, encryption for a single table is configured explicitly to be off, and encryption for a column group and/or index tied to that table is not specified.  What should happen?  Do we expect them to be encrypted or not?

      What actually happens is perhaps an artifact of the implementation, and WT-4494 changes details of the implementation.  The easiest solution would be to:

      1. prohibit having a different "level" of encryption specified for a column group or index than is listed in the parent table.  That is, one cannot say NO encryption for a CG and YES encryption for a table, and cannot say YES encryption for a CG and NO encryption for a table.  Details of encryption could be different.
      2. (Possibly) if no encryption is specified for CG or index, encryption is inherited from the parent table.

      Then, at least if #1 is implemented, we would be guaranteed that either everything for that table would be in the clear, or everything would be protected by some encryption.  This would be easier to think about and write tests for.

            donald.anderson@mongodb.com Donald Anderson
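
The two rules proposed in the description can be modelled as a small configuration check. This is an added example, not WiredTiger code and not the change that resolved this ticket. The `resolve` helper, the key ids, and the fallback of an unspecified table to the system-wide setting are assumptions made for illustration.

```python
import re

# Constructed model of the two rules proposed in the ticket; not WiredTiger code.
_ENC = re.compile(r"encryption=\(([^)]*)\)")

def parse_encryption(config):
    """Return the encryption settings as a dict, or None if none are specified."""
    m = _ENC.search(config or "")
    if m is None:
        return None
    settings = {}
    for item in filter(None, (s.strip() for s in m.group(1).split(","))):
        key, _, value = item.partition("=")
        settings[key.strip()] = value.strip()
    return settings

def is_encrypted(settings):
    """An encryptor name of "none" (or no name at all) means cleartext."""
    return settings.get("name", "none") != "none"

def resolve(table_config, child_configs, system_config=""):
    """Map each column group / index URI to its effective encryption settings.

    Rule 1: a child that specifies encryption must be at the same level as the
            table (both encrypted or both clear); name and keyid may differ.
    Rule 2: a child that specifies nothing inherits from the table.
    Assumption: a table that specifies nothing uses the system-wide setting.
    """
    table = parse_encryption(table_config)
    if table is None:
        table = parse_encryption(system_config) or {"name": "none"}
    effective = {}
    for uri, config in child_configs.items():
        child = parse_encryption(config)
        if child is None:
            child = dict(table)  # rule 2: inherit from the parent table
        elif is_encrypted(child) != is_encrypted(table):
            # rule 1: mixed cleartext/encrypted objects under one table
            raise ValueError(f"{uri}: encryption level differs from parent table")
        effective[uri] = child
    return effective

# Constructed scenario from the description: system-wide encryption on,
# table explicitly off, column group and index left unspecified.
SYSTEM = "encryption=(name=rotn,keyid=system)"
CHILDREN = {"colgroup:t:c1": "", "index:t:i1": ""}
```

Under this model, `resolve("encryption=(name=none)", CHILDREN, SYSTEM)` leaves both children in the clear, which answers the question the description raises for that scenario.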