Subject: svn commit: r521448 - in /db/derby/docs/trunk/src: adminguide/cadminapps49914.dita adminguide/cadminapps811631.dita adminguide/cadminapps811656.dita ref/refderby.ditamap ref/rrefattribsecmech.dita
Date: Thu, 22 Mar 2007 20:34:32 -0000
To: derby-commits@db.apache.org
From: scotsmatrix@apache.org X-Mailer: svnmailer-1.1.0 Message-Id: <20070322203433.0C8DC1A983E@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: scotsmatrix Date: Thu Mar 22 13:34:31 2007 New Revision: 521448 URL: http://svn.apache.org/viewvc?view=rev&rev=521448 Log: DERBY-2361: Added the new attribute for securityMechanism was added, examples improved, and topic titles clarified. Patch derby-2361-4.diff contributed by Kim Haase. Added: db/derby/docs/trunk/src/ref/rrefattribsecmech.dita (with props) Modified: db/derby/docs/trunk/src/adminguide/cadminapps49914.dita db/derby/docs/trunk/src/adminguide/cadminapps811631.dita db/derby/docs/trunk/src/adminguide/cadminapps811656.dita db/derby/docs/trunk/src/ref/refderby.ditamap Modified: db/derby/docs/trunk/src/adminguide/cadminapps49914.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminapps49914.dita?view=diff&rev=521448&r1=521447&r2=521448 ============================================================================== --- db/derby/docs/trunk/src/adminguide/cadminapps49914.dita (original) +++ db/derby/docs/trunk/src/adminguide/cadminapps49914.dita Thu Mar 22 13:34:31 2007 @@ -22,28 +22,28 @@ User authentication differencesand Network ServerNetwork Serveruser authentication -andorg.apache.derby.jdbc.ClientDataSource. -CLEAR_TEXT_ PASSWORD_SECURITYSecurity propertiessupported +andorg.apache.derby.jdbc.ClientDataSource.CLEAR_TEXT_PASSWORD_SECURITYSecurity propertiessupported by Network ServerNetwork Serversupported -security propertiesorg.apache.derby.jdbc.ClientDataSource. -USER_ONLY_SECURITYorg.apache.derby.jdbc.ClientDataSource. -ENCRYPTED_USER_AND_ PASSWORD_SECURITY +security propertiesorg.apache.derby.jdbc.ClientDataSource.USER_ONLY_SECURITY +org.apache.derby.jdbc.ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY +org.apache.derby.jdbc.ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY

When running in embedded mode or when using the Network Server, you can enable or disable server-side user authentication. However, -when using the Network Server, the default security mechanism (CLEAR_TEXT_PASSWORD) +when using the Network Server, the default security mechanism (CLEAR_TEXT_PASSWORD_SECURITY) requires that you supply both the user name and password.

In addition to the default user name and password security mechanism, org.apache.derby.jdbc.ClientDataSource.CLEAR_TEXT_PASSWORD_SECURITY, Network Server supports the following security properties:

    -
  • UserID (org.apache.derby.jdbc.ClientDataSource.USER_ONLY_SECURITY) -

    When using this mechanism, you must specify only the user property.

  • -
  • Encrypted UserID and encrypted password (org.apache.derby.jdbc.ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY)

    When using this mechanism, both password and +

  • UserID (org.apache.derby.jdbc.ClientDataSource.USER_ONLY_SECURITY) +

    When using this mechanism, you must specify only the user property. +All other mechanisms require you to specify both the user name and the password.

  • +
  • Encrypted UserID and encrypted password (org.apache.derby.jdbc.ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY)

    When using this mechanism, both password and user id are encrypted.

  • -
  • Strong password substitution (org.apache.derby.jdbc.ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY) +
  • Strong password substitution (org.apache.derby.jdbc.ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY)

    When using this mechanism, a strong password substitute is generated and used to authenticate the user with the network server. The original password is never sent in any form across the network.

  • @@ -53,7 +53,19 @@ more information on schema and user names.

    If you specify any other security mechanism, you will receive an exception.

    To change the default, you can specify another security mechanism either -as a property or on the URL (using the securityMechanism attribute) when making -the connection.

    +as a property or on the URL (using the securityMechanism=value attribute) when making +the connection. For details, see + and +"securityMechanism=value attribute" in the +.

    +

    Whether the security mechanism you specify for the client actually takes +effect depends upon the setting of the +derby.drda.securityMechanism property for the Network Server. +If the derby.drda.securityMechanism property is set, the +Network Server accepts only connections that use the security mechanism +specified by the property setting. If the +derby.drda.securityMechanism property is not set, clients can +use any valid security mechanism. For details, see +.
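
Review bot: In the @@ -22,28 +22,28 @@ hunk of cadminapps49914.dita, the strong password substitute item states that "The original password is never sent in any form across the network", but the paragraph on the default CLEAR_TEXT_PASSWORD_SECURITY says only that it "requires that you supply both the user name and password" and never spells out what the name implies for the password on the wire. Suggest adding one sentence to the default's description so the three password-based mechanisms can be compared on the same terms. Separately, "user id" in the encrypted item should read "user ID" to match the new reference topic.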
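
Review bot: The new paragraph on derby.drda.securityMechanism in the @@ -53,7 +53,19 @@ hunk says the server "accepts only connections that use the security mechanism specified by the property setting" but does not say what a client sees when it requests a different mechanism. The preceding context line, "If you specify any other security mechanism, you will receive an exception", covers invalid mechanisms only; suggest stating whether a mismatch with the server setting also surfaces as an exception on connect. It would also help to say here that leaving the property unset lets clients pick the user-only or clear-text mechanisms listed above, since that is the practical consequence of "clients can use any valid security mechanism".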

    Modified: db/derby/docs/trunk/src/adminguide/cadminapps811631.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminapps811631.dita?view=diff&rev=521448&r1=521447&r2=521448 ============================================================================== --- db/derby/docs/trunk/src/adminguide/cadminapps811631.dita (original) +++ db/derby/docs/trunk/src/adminguide/cadminapps811631.dita Thu Mar 22 13:34:31 2007 @@ -17,9 +17,17 @@ --> -Network Server user authentication when user authentication is on in Derby +Security mechanism options when user authentication is enabled on the +Network Server -

    When user authentication is enabled in , you can either use the default security mechanism (user name and password) or you can specify that the security mechanism be encrypted user and password.

    +

    When user authentication is enabled in +, you can use any of +the following security mechanisms:

    +
      +
    • Clear text user name and password security, the default
    • +
    • Strong password substitute security
    • +
    • Encrypted user name and password security
    • +
    Modified: db/derby/docs/trunk/src/adminguide/cadminapps811656.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminapps811656.dita?view=diff&rev=521448&r1=521447&r2=521448 ============================================================================== --- db/derby/docs/trunk/src/adminguide/cadminapps811656.dita (original) +++ db/derby/docs/trunk/src/adminguide/cadminapps811656.dita Thu Mar 22 13:34:31 2007 @@ -17,8 +17,8 @@ --> -Network Server user authentication when user authentication is off -in Derby +Security mechanism options when user authentication is disabled on the +Network Server Modified: db/derby/docs/trunk/src/ref/refderby.ditamap URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/refderby.ditamap?view=diff&rev=521448&r1=521447&r2=521448 ============================================================================== --- db/derby/docs/trunk/src/ref/refderby.ditamap (original) +++ db/derby/docs/trunk/src/ref/refderby.ditamap Thu Mar 22 13:34:31 2007 @@ -582,6 +582,8 @@ + + Added: db/derby/docs/trunk/src/ref/rrefattribsecmech.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefattribsecmech.dita?view=auto&rev=521448 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefattribsecmech.dita (added) +++ db/derby/docs/trunk/src/ref/rrefattribsecmech.dita Thu Mar 22 13:34:31 2007 @@ -0,0 +1,70 @@ + + + + + +securityMechanism=value attribute + +securityMechanism=value attribute +databasesattributes, security mechanism +attributessecurityMechanism + + +
    Function

    Specifies a security mechanism +for client access to the Network Server. The value is numeric.

    +

    Valid numeric values are:

    + +
      +
    • 8, which specifies Strong Password Substitute security. If +you specify this mechanism, a strong password substitute is generated and used +to authenticate the user with the network server. The original password is +never sent in any form across the network.
    • +
    • 9, which specifies Encrypted UserID and Encrypted Password +security. If you specify this mechanism, both the user ID and the password are +encrypted. See "Enabling the encrypted user ID and password security mechanism" +in the for additional +requirements for the use of this security mechanism.
    • +
    • 3, which specifies Clear Text Password security. Clear +Text Password security is the default if you do not specify the +securityMechanism attribute and you specify both the +user=userName +and +password=userPassword +attributes.
    • +
    • 4, which specifies User Only security. User Only security +is the default if you do not specify the securityMechanism attribute and +you specify the +user=userName +attribute but not the +password=userPassword +attribute.
    • +
    +
    +
    Combining with other attributes +

    The securityMechanism attribute must be combined with the +user=userName +attribute.

    +
    +Example +-- specify Strong Password Substitute security +jdbc:derby://localhost/mydb;user=myuser;password=mypassword;securityMechanism=8 +
    +
    Propchange: db/derby/docs/trunk/src/ref/rrefattribsecmech.dita ------------------------------------------------------------------------------ svn:eol-style = native
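
Review bot: The list added in cadminapps811631.dita names the mechanisms "Clear text user name and password security", "Strong password substitute security" and "Encrypted user name and password security", while cadminapps49914.dita calls the last one "Encrypted UserID and encrypted password" and the new reference topic uses "Encrypted UserID and Encrypted Password" and "Clear Text Password". Suggest one name per mechanism across the three topics, and adding the ClientDataSource constant or the numeric securityMechanism value to each item so a reader can get from this list to the actual setting.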
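
Review bot: Under "Combining with other attributes" in the new rrefattribsecmech.dita, the text says only that securityMechanism "must be combined with the user=userName attribute", yet cadminapps49914.dita in this same commit adds "All other mechanisms require you to specify both the user name and the password" for everything except User Only. Suggest stating here that values 3, 8 and 9 also need password=userPassword and that 4 takes the user attribute alone. The value list is ordered 8, 9, 3, 4; numeric order, or the default first, would be easier to scan.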