Uploaded image for project: 'Couchbase Java Client'
  1. Couchbase Java Client
  2. JCBC-1852

FLE: Optionally read @Encrypted POJO properties from unencrypted JSON fields.

    XMLWordPrintable

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.2.1
    • None
    • None
    • Release Note
    • 1

    Description

      Let the @Encrypted annotation read from unencrypted fields, so users can add encryption incrementally. (Previously, the read would fail).

      Make it optional because enabling this feature would let an adversary to forge a field value simply by replacing an encrypted value with an unencrypted one.

      Suggested release note text:

      The `@Encrypted` annotation can now be used to migrate an existing field from unencrypted to encrypted. If you annotate a field with

      @Encrypted(migration = Encrypted.Migration.FROM_UNENCRYPTED)

      then either encrypted or unencrypted values will be accepted during deserialization.

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            david.nault David Nault created issue -
            david.nault David Nault made changes -
            Field Original Value New Value
            Assignee Michael Nitschinger [ daschl ] David Nault [ david.nault ]
            david.nault David Nault made changes -
            Fix Version/s 3.2.1 [ 17634 ]
            david.nault David Nault made changes -
            Remote Link This issue links to "Forum post (Web Link)" [ 22807 ]
            david.nault David Nault made changes -
            Description Let the @Encrypted annotation read from unencrypted fields, so users can add encryption incrementally. (Previously, the read would fail).

            Make it optional because enabling this feature would let an adversary to forge a field value simply by replacing an encrypted value with an unencrypted one.

            Release note text TBD, as soon as we figure out how a user should enable the feature.
            Let the @Encrypted annotation read from unencrypted fields, so users can add encryption incrementally. (Previously, the read would fail).

            Make it optional because enabling this feature would let an adversary to forge a field value simply by replacing an encrypted value with an unencrypted one.

            Release note text TBD, as soon as we figure out how a user should enable the feature.

            Suggested release note text:

            {quote}
            The `@Encrypted`
            {quote}
            david.nault David Nault made changes -
            Description Let the @Encrypted annotation read from unencrypted fields, so users can add encryption incrementally. (Previously, the read would fail).

            Make it optional because enabling this feature would let an adversary to forge a field value simply by replacing an encrypted value with an unencrypted one.

            Release note text TBD, as soon as we figure out how a user should enable the feature.

            Suggested release note text:

            {quote}
            The `@Encrypted`
            {quote}
            Let the @Encrypted annotation read from unencrypted fields, so users can add encryption incrementally. (Previously, the read would fail).

            Make it optional because enabling this feature would let an adversary to forge a field value simply by replacing an encrypted value with an unencrypted one.

            Release note text TBD, as soon as we figure out how a user should enable the feature.

            Suggested release note text:

            {quote}
            The `\@Encrypted` annotation can now be used to migrate an existing field from unencrypted to encrypted. If you annotate a field with
            {noformat}@Encrypted(migration = Encrypted.Migration.FROM_UNENCRYPTED){noformat}
            then either encrypted or unencrypted values will be accepted during deserialization.
            {quote}
            david.nault David Nault made changes -
            Description Let the @Encrypted annotation read from unencrypted fields, so users can add encryption incrementally. (Previously, the read would fail).

            Make it optional because enabling this feature would let an adversary to forge a field value simply by replacing an encrypted value with an unencrypted one.

            Release note text TBD, as soon as we figure out how a user should enable the feature.

            Suggested release note text:

            {quote}
            The `\@Encrypted` annotation can now be used to migrate an existing field from unencrypted to encrypted. If you annotate a field with
            {noformat}@Encrypted(migration = Encrypted.Migration.FROM_UNENCRYPTED){noformat}
            then either encrypted or unencrypted values will be accepted during deserialization.
            {quote}
            Let the @Encrypted annotation read from unencrypted fields, so users can add encryption incrementally. (Previously, the read would fail).

            Make it optional because enabling this feature would let an adversary to forge a field value simply by replacing an encrypted value with an unencrypted one.

            Suggested release note text:

            {quote}
            The `\@Encrypted` annotation can now be used to migrate an existing field from unencrypted to encrypted. If you annotate a field with
            {noformat}@Encrypted(migration = Encrypted.Migration.FROM_UNENCRYPTED){noformat}
            then either encrypted or unencrypted values will be accepted during deserialization.
            {quote}
            david.nault David Nault made changes -
            Description Let the @Encrypted annotation read from unencrypted fields, so users can add encryption incrementally. (Previously, the read would fail).

            Make it optional because enabling this feature would let an adversary to forge a field value simply by replacing an encrypted value with an unencrypted one.

            Suggested release note text:

            {quote}
            The `\@Encrypted` annotation can now be used to migrate an existing field from unencrypted to encrypted. If you annotate a field with
            {noformat}@Encrypted(migration = Encrypted.Migration.FROM_UNENCRYPTED){noformat}
            then either encrypted or unencrypted values will be accepted during deserialization.
            {quote}
            Let the @Encrypted annotation read from unencrypted fields, so users can add encryption incrementally. (Previously, the read would fail).

            Make it optional because enabling this feature would let an adversary to forge a field value simply by replacing an encrypted value with an unencrypted one.

            *Suggested release note text:*

            {quote}
            The `\@Encrypted` annotation can now be used to migrate an existing field from unencrypted to encrypted. If you annotate a field with
            {noformat}@Encrypted(migration = Encrypted.Migration.FROM_UNENCRYPTED){noformat}
            then either encrypted or unencrypted values will be accepted during deserialization.
            {quote}
            david.nault David Nault made changes -
            Status New [ 10003 ] Open [ 1 ]
            david.nault David Nault made changes -
            Resolution Fixed [ 1 ]
            Status Open [ 1 ] Resolved [ 5 ]
            david.nault David Nault made changes -
            Link This issue relates to DOC-8934 [ DOC-8934 ]

            People

              david.nault David Nault
              david.nault David Nault
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty