Opened 11 years ago

Closed 8 years ago

#7704 closed task (wontfix)

refactor dojox.sql

Reported by: Adam Peller Owned by: Tom Trenka
Priority: high Milestone: future
Component: Dojox Version: 1.2beta
Keywords: Cc: Jared Jurkiewicz, Brad Neuberg
Blocked By: Blocking:

Description (last modified by Adam Peller)

Filed new ticket for the dojox.storage dependency (see #8765)

Once that is taken care of, if only dojox.off depends on dojox.sql, I suggest we pull the code into the off subproject, since it does not seem to merit a standalone subproject nor is it drawing any activity or contributions.

Change History (11)

comment:1 Changed 11 years ago by Adam Peller

and if there's a CLA in place, do we really need a LICENSE file?

comment:2 Changed 11 years ago by Adam Peller

(In [15313]) attempt at a README for dojox.sql. Refs #7704

comment:3 Changed 11 years ago by Adam Peller

and shouldn't the crypto code live in dojox.encoding with Dojo's other crypto code?

comment:4 Changed 11 years ago by Adam Peller

Milestone: tbd1.3
Owner: changed from dante to Tom Trenka

per discussion with brad and ttrenka, it looks like we should move the crypto code to dojox.encoding, remove the dojox.storage dependency on dojox.sql, and move the remaining module into dojox.off.

comment:5 Changed 11 years ago by Adam Peller

Summary: dojox.sql needs a READMErefactor dojox.sql

comment:6 Changed 11 years ago by Adam Peller

Cc: Jared Jurkiewicz Brad Neuberg added
Type: defecttask

comment:7 Changed 11 years ago by dante

Milestone: 1.31.4

lets give dojox some structure for 1.4 preparing for a breakout of cycle.

comment:8 Changed 11 years ago by Tom Trenka

Resolution: wontfix
Status: newclosed

So in working on other AES implementations, I noticed that the implementation in dojox.sql will, in general, only work for itself; it uses a nonce for an initialization vector and includes that (with a "-" delimiter for ciphertext blocks) along with the ciphertext.

The problem with this is that it's highly non-standard (though a suggested security fix), and that means it will not play well with other implementations of AES. In addition, since there may or may not be existing local storages that already contain encrypted text based on this code, we really can't remove it or alter it at all.

Because of that, I'm closing out this ticket as "wontfix" :(

comment:9 Changed 11 years ago by Adam Peller

Description: modified (diff)
Resolution: wontfix
Status: closedreopened

comment:10 Changed 10 years ago by Tom Trenka

Milestone: 1.4future

comment:11 Changed 8 years ago by Tom Trenka

Resolution: wontfix
Status: reopenedclosed

Sorry Adam...don't think we're coming back to this, and I doubt it will be included in the 2.x line of DTK. Reclosing as "wontfix".

Note: See TracTickets for help on using tickets.