  1. MariaDB Server
  2. MDEV-17228

Encrypted temporary tables are not encrypted

Details

    Description

      Although it is possible to CREATE TEMPORARY TABLE ... ENCRYPTED=yes, the temporary tablespace will contain data in plaintext (check file ibtmp1).
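One way to carry out the ibtmp1 check the description points to, as an added example that is not part of the original report or of MariaDB's code: insert a row containing a unique marker into a temporary table, then scan the temporary tablespace file for that marker and report the pages where it appears in the clear. The marker value, the function names and the 16 KiB page size are assumptions of this example, and the sample file it builds is constructed.

```python
import os
import tempfile

PAGE_SIZE = 16384  # assumed: InnoDB default innodb_page_size; change if the server differs


def find_plaintext_pages(path, marker, page_size=PAGE_SIZE):
    """Return sorted page numbers in which the byte string `marker` starts."""
    if not marker:
        raise ValueError("marker must be non-empty")
    hits = set()
    overlap = len(marker) - 1   # bytes carried over so page-straddling markers are found
    tail = b""
    base = 0                    # file offset of the first byte of tail + chunk
    with open(path, "rb") as f:
        while True:
            chunk = f.read(page_size)
            if not chunk:
                break
            buf = tail + chunk
            pos = buf.find(marker)
            while pos != -1:
                hits.add((base + pos) // page_size)
                pos = buf.find(marker, pos + 1)
            tail = buf[-overlap:] if overlap else b""
            base += len(buf) - len(tail)
    return sorted(hits)


def build_sample(path, marker, pages=4, page_size=PAGE_SIZE):
    """Write a constructed stand-in for ibtmp1: zeroed pages plus two marker copies."""
    data = bytearray(pages * page_size)
    data[page_size + 100:page_size + 100 + len(marker)] = marker  # inside page 1
    start = 3 * page_size - 5                                     # straddles pages 2 and 3
    data[start:start + len(marker)] = marker
    with open(path, "wb") as f:
        f.write(data)


if __name__ == "__main__":
    marker = b"MDEV17228_CANARY_ROW"  # constructed value; insert the same string via SQL
    sample = os.path.join(tempfile.mkdtemp(), "ibtmp1.sample")
    build_sample(sample, marker)
    pages = find_plaintext_pages(sample, marker)
    print("plaintext marker found in pages:", pages if pages else "none")
```

Point `find_plaintext_pages` at the server's real ibtmp1 after the insert; pages that are still only in the buffer pool have not reached the file yet, so an empty result on its own does not prove the tablespace is encrypted.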

          Activity

            marko Marko Mäkelä added a comment - - edited

            I think that we must fix the code so that the InnoDB temporary tablespace file is encrypted if and only if innodb_encrypt_tables is set. All pages of the tablespace can and should be encrypted; there is no reason to disable encryption on page 0, because we do not care about the contents of the temporary tablespace after InnoDB has been killed or shut down.

            Also, the table option ENCRYPTED should cause a warning to be issued if it contradicts the encryption status of the tablespace.

            thiru Thirunarayanan Balathandayuthapani added a comment -

            The patch is in 10.2 version (bb-10.2-MDEV-17228) and 10.4 version (bb-10.4-MDEV-17228).

            marko Marko Mäkelä added a comment -

            I sent some comments for the 10.2 version, mostly about structuring the code. I think that we can use hard-wired encryption key identifier 1, like we do for the redo log and the temporary files of ALTER TABLE. In this way, it can be a Boolean parameter.

            People

              thiru Thirunarayanan Balathandayuthapani
              robgolebiowski Robert Golebiowski