Return-Path:
Delivered-To: apmail-db-derby-commits-archive@www.apache.org
Received: (qmail 55179 invoked from network); 22 Mar 2007 20:34:54 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
by minotaur.apache.org with SMTP; 22 Mar 2007 20:34:54 -0000
Received: (qmail 77069 invoked by uid 500); 22 Mar 2007 20:35:02 -0000
Delivered-To: apmail-db-derby-commits-archive@db.apache.org
Received: (qmail 77033 invoked by uid 500); 22 Mar 2007 20:35:02 -0000
Mailing-List: contact derby-commits-help@db.apache.org; run by ezmlm
Precedence: bulk
list-help:
list-unsubscribe:
List-Post:
Reply-To: "Derby Development"
List-Id:
Delivered-To: mailing list derby-commits@db.apache.org
Received: (qmail 77021 invoked by uid 99); 22 Mar 2007 20:35:02 -0000
Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133)
by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Mar 2007 13:35:01 -0700
X-ASF-Spam-Status: No, hits=-99.5 required=10.0
tests=ALL_TRUSTED,NO_REAL_NAME
X-Spam-Check-By: apache.org
Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3)
by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Mar 2007 13:34:53 -0700
Received: by eris.apache.org (Postfix, from userid 65534)
id 0C8DC1A983E; Thu, 22 Mar 2007 13:34:33 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r521448 - in /db/derby/docs/trunk/src:
adminguide/cadminapps49914.dita adminguide/cadminapps811631.dita
adminguide/cadminapps811656.dita ref/refderby.ditamap
ref/rrefattribsecmech.dita
Date: Thu, 22 Mar 2007 20:34:32 -0000
To: derby-commits@db.apache.org
From: scotsmatrix@apache.org
X-Mailer: svnmailer-1.1.0
Message-Id: <20070322203433.0C8DC1A983E@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org
Author: scotsmatrix
Date: Thu Mar 22 13:34:31 2007
New Revision: 521448
URL: http://svn.apache.org/viewvc?view=rev&rev=521448
Log:
DERBY-2361: Added the new attribute for securityMechanism was added, examples improved, and topic titles clarified. Patch derby-2361-4.diff contributed by Kim Haase.
Added:
db/derby/docs/trunk/src/ref/rrefattribsecmech.dita (with props)
Modified:
db/derby/docs/trunk/src/adminguide/cadminapps49914.dita
db/derby/docs/trunk/src/adminguide/cadminapps811631.dita
db/derby/docs/trunk/src/adminguide/cadminapps811656.dita
db/derby/docs/trunk/src/ref/refderby.ditamap
Modified: db/derby/docs/trunk/src/adminguide/cadminapps49914.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminapps49914.dita?view=diff&rev=521448&r1=521447&r2=521448
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminapps49914.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminapps49914.dita Thu Mar 22 13:34:31 2007
@@ -22,28 +22,28 @@
User authentication differencesand Network
ServerNetwork Serveruser authentication
-andorg.apache.derby.jdbc.ClientDataSource.
-CLEAR_TEXT_ PASSWORD_SECURITYSecurity propertiessupported
+andorg.apache.derby.jdbc.ClientDataSource.CLEAR_TEXT_PASSWORD_SECURITYSecurity propertiessupported
by Network ServerNetwork Serversupported
-security propertiesorg.apache.derby.jdbc.ClientDataSource.
-USER_ONLY_SECURITYorg.apache.derby.jdbc.ClientDataSource.
-ENCRYPTED_USER_AND_ PASSWORD_SECURITY
+security propertiesorg.apache.derby.jdbc.ClientDataSource.USER_ONLY_SECURITY
+org.apache.derby.jdbc.ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY
+org.apache.derby.jdbc.ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY
When running in
embedded mode or when using the Network
Server, you can enable or disable server-side user authentication. However,
-when using the Network Server, the default security mechanism (CLEAR_TEXT_PASSWORD)
+when using the Network Server, the default security mechanism (CLEAR_TEXT_PASSWORD_SECURITY)
requires that you supply both the user name and password.
In addition to the default user name and password security mechanism, org.apache.derby.jdbc.ClientDataSource.CLEAR_TEXT_PASSWORD_SECURITY, Network Server
supports the following security properties:
-- UserID (org.apache.derby.jdbc.ClientDataSource.USER_ONLY_SECURITY)
-
When using this mechanism, you must specify only the user property.
-- Encrypted UserID and encrypted password (org.apache.derby.jdbc.ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY)
When using this mechanism, both password and
+
- UserID (org.apache.derby.jdbc.ClientDataSource.USER_ONLY_SECURITY)
+
When using this mechanism, you must specify only the user property.
+All other mechanisms require you to specify both the user name and the password.
+- Encrypted UserID and encrypted password (org.apache.derby.jdbc.ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY)
When using this mechanism, both password and
user id are encrypted.
-- Strong password substitution (org.apache.derby.jdbc.ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY)
+
- Strong password substitution (org.apache.derby.jdbc.ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY)
When using this mechanism, a strong password substitute is generated and
used to authenticate the user with the network server. The original password is
never sent in any form across the network.
@@ -53,7 +53,19 @@
more information on schema and user names.
If you specify any other security mechanism, you will receive an exception.
To change the default, you can specify another security mechanism either
-as a property or on the URL (using the securityMechanism attribute) when making
-the connection.
+as a property or on the URL (using the securityMechanism=value attribute) when making
+the connection. For details, see
+ and
+"securityMechanism=value attribute" in the
+.
+Whether the security mechanism you specify for the client actually takes
+effect depends upon the setting of the
+derby.drda.securityMechanism property for the Network Server.
+If the derby.drda.securityMechanism property is set, the
+Network Server accepts only connections that use the security mechanism
+specified by the property setting. If the
+derby.drda.securityMechanism property is not set, clients can
+use any valid security mechanism. For details, see
+.
Modified: db/derby/docs/trunk/src/adminguide/cadminapps811631.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminapps811631.dita?view=diff&rev=521448&r1=521447&r2=521448
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminapps811631.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminapps811631.dita Thu Mar 22 13:34:31 2007
@@ -17,9 +17,17 @@
-->
-Network Server user authentication when user authentication is on in Derby
+Security mechanism options when user authentication is enabled on the
+Network Server
-When user authentication is enabled in , you can either use the default security mechanism (user name and password) or you can specify that the security mechanism be encrypted user and password.
+When user authentication is enabled in
+, you can use any of
+the following security mechanisms:
+
+- Clear text user name and password security, the default
+- Strong password substitute security
+- Encrypted user name and password security
+
Modified: db/derby/docs/trunk/src/adminguide/cadminapps811656.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminapps811656.dita?view=diff&rev=521448&r1=521447&r2=521448
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminapps811656.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminapps811656.dita Thu Mar 22 13:34:31 2007
@@ -17,8 +17,8 @@
-->
-Network Server user authentication when user authentication is off
-in Derby
+Security mechanism options when user authentication is disabled on the
+Network Server
Modified: db/derby/docs/trunk/src/ref/refderby.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/refderby.ditamap?view=diff&rev=521448&r1=521447&r2=521448
==============================================================================
--- db/derby/docs/trunk/src/ref/refderby.ditamap (original)
+++ db/derby/docs/trunk/src/ref/refderby.ditamap Thu Mar 22 13:34:31 2007
@@ -582,6 +582,8 @@
+
+
Added: db/derby/docs/trunk/src/ref/rrefattribsecmech.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefattribsecmech.dita?view=auto&rev=521448
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefattribsecmech.dita (added)
+++ db/derby/docs/trunk/src/ref/rrefattribsecmech.dita Thu Mar 22 13:34:31 2007
@@ -0,0 +1,70 @@
+
+
+
+
+
+securityMechanism=value attribute
+
+securityMechanism=value attribute
+databasesattributes, security mechanism
+attributessecurityMechanism
+
+
+FunctionSpecifies a security mechanism
+for client access to the Network Server. The value is numeric.
+Valid numeric values are:
+
+
+- 8, which specifies Strong Password Substitute security. If
+you specify this mechanism, a strong password substitute is generated and used
+to authenticate the user with the network server. The original password is
+never sent in any form across the network.
+- 9, which specifies Encrypted UserID and Encrypted Password
+security. If you specify this mechanism, both the user ID and the password are
+encrypted. See "Enabling the encrypted user ID and password security mechanism"
+in the for additional
+requirements for the use of this security mechanism.
+- 3, which specifies Clear Text Password security. Clear
+Text Password security is the default if you do not specify the
+securityMechanism attribute and you specify both the
+user=userName
+and
+password=userPassword
+attributes.
+- 4, which specifies User Only security. User Only security
+is the default if you do not specify the securityMechanism attribute and
+you specify the
+user=userName
+attribute but not the
+password=userPassword
+attribute.
+
+
+Combining with other attributes
+The securityMechanism attribute must be combined with the
+user=userName
+attribute.
+
+Example
+-- specify Strong Password Substitute security
+jdbc:derby://localhost/mydb;user=myuser;password=mypassword;securityMechanism=8
+
+
Propchange: db/derby/docs/trunk/src/ref/rrefattribsecmech.dita
------------------------------------------------------------------------------
svn:eol-style = native