commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 38603] - [DBCP] add a socketFactory attribute to BasicDataSource (to allow SSL "thread"-safe)
Date Sat, 11 Feb 2006 08:48:49 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38603>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38603





------- Additional Comments From hauser@acm.org  2006-02-11 09:48 -------
see also Bug 38614 for other attributes.

To really get it safe, it is probably not sufficient to only control the
ciphers, but it should be possible to
- enforce client cert auth (not only have it optional - e.g. mysql can do that
in http://dev.mysql.com/doc/refman/5.0/en/grant.html with REQUIRE X509)
- to have a db port that only accepts encrypted connections to prevent
inadvertent password disclosure (http://bugs.mysql.com/bug.php?id=17319)
- prevent password guessing (e.g. http://bugs.mysql.com/bug.php?id=17318)

see also a formal RFE for this for connector/J in
http://bugs.mysql.com/bug.php?id=17320

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message