db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From be...@apache.org
Subject svn commit: r542796 - in /db/derby/docs/trunk/src: adminguide/ devguide/ ref/
Date Wed, 30 May 2007 11:04:24 GMT
Author: bernt
Date: Wed May 30 04:04:23 2007
New Revision: 542796

URL: http://svn.apache.org/viewvc?view=rev&rev=542796
Log:
DERBY-2272 SSL Documentation

Added:
    db/derby/docs/trunk/src/adminguide/cadminssl.dita   (with props)
    db/derby/docs/trunk/src/adminguide/cadminssladmin.dita   (with props)
    db/derby/docs/trunk/src/adminguide/cadminsslclient.dita   (with props)
    db/derby/docs/trunk/src/adminguide/cadminsslkeys.dita   (with props)
    db/derby/docs/trunk/src/adminguide/cadminsslserver.dita   (with props)
    db/derby/docs/trunk/src/adminguide/radmindrdasslmode.dita   (with props)
    db/derby/docs/trunk/src/ref/rrefattribssl.dita   (with props)
Modified:
    db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap
    db/derby/docs/trunk/src/devguide/cdevcsecuree.dita
    db/derby/docs/trunk/src/ref/refderby.ditamap

Added: db/derby/docs/trunk/src/adminguide/cadminssl.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminssl.dita?view=auto&rev=542796
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminssl.dita (added)
+++ db/derby/docs/trunk/src/adminguide/cadminssl.dita Wed May 30 04:04:23 2007
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN"
+ "../dtd/concept.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<concept id="cadminssl" xml:lang="en-us">
+<title>SSL/TLS</title>
+<prolog><metadata>
+<keywords><indexterm>Network Server<indexterm>SSL</indexterm></indexterm><indexterm>Network
Server<indexterm>TLS</indexterm></indexterm><indexterm>SSL</indexterm><indexterm>TLS</indexterm></keywords>
+</metadata></prolog>
+<conbody>
+<p><ph conref="../conrefs.dita#prod/productshortname"></ph> Network
+Server and Network Client may encrypt communication using SSL/TLS
+(Secure Socket Layer/Transport Layer Security) and
+also do certificate based authentication of the peer (the server may
+authenticate the client and the client may authenticate the
+server). It is assumed that the reader is somewhat familiar with SSL,
+key pairs and certificates. This documentation is also based on the
+Sun JDK and its keytool application. For the remainder of this
+section, the term "SSL" is used for both SSL and TLS.
+</p>
+<p>SSL for <ph conref="../conrefs.dita#prod/productshortname"></ph>
+(both for client and for server) operates in three possible modes:
+<dl>
+<dlentry><dt><b>off</b></dt><dd>The default, no SSL encryption</dd></dlentry>
+<dlentry><dt><b>basic</b></dt><dd>SSL encryption, no
peer authentication</dd></dlentry>
+<dlentry><dt><b>peerAuthentication</b></dt><dd>SSL encryption
and peer authentication</dd></dlentry>
+</dl>
+</p>
+<p>
+Peer authentication may be set either on the server or on the client
+or on both. Peer authentication means that the other side of the SSL
+connection is authenticated based on a trusted certificate installed
+locally. Alternatively, a CA certificate is installed locally and the
+peer has a signed key.</p>
+
+</conbody>
+</concept>
\ No newline at end of file

Propchange: db/derby/docs/trunk/src/adminguide/cadminssl.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/adminguide/cadminssladmin.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminssladmin.dita?view=auto&rev=542796
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminssladmin.dita (added)
+++ db/derby/docs/trunk/src/adminguide/cadminssladmin.dita Wed May 30 04:04:23 2007
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN"
+ "../dtd/concept.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<concept id="cadminssladmin" xml:lang="en-us">
+<title>Other server commands</title>
+<prolog><metadata>
+<keywords><indexterm>Network Server<indexterm>SSL</indexterm></indexterm><indexterm>Network
Server<indexterm>TLS</indexterm></indexterm><indexterm>SSL</indexterm><indexterm>TLS</indexterm></keywords>
+</metadata></prolog>
+
+<conbody>
+<p>The other server commands (<codeph>shutdown</codeph>,
+<codeph>ping</codeph>, <codeph>sysinfo</codeph>,
+<codeph>runtimeinfo</codeph>, <codeph>logconnections</codeph>,
+<codeph>maxthreads</codeph>, <codeph>timeslice</codeph>,
+<codeph>trace</codeph>, <codeph>tracedirectory</codeph>) are 
+implemented as clients, and they behave as clients with regards to
+SSL. For example the command
+<codeblock>
+java -jar derbyrun.jar server shutdown -ssl basic
+</codeblock>
+will shutdown an SSL-enabled server. Similarly, if you have
+peerAuthentication on both sides, use the following command
+<codeblock>
+java -Djavax.net.ssl.keyStore=clientKeyStore.key \
+     -Djavax.net.ssl.keyStorePassword=qwerty \
+     -Djavax.net.ssl.trustStore=clientTrustStore.key \   
+     -Djavax.net.ssl.trustStorePassword=qwerty \
+     -jar derbyrun.jar server shutdown -ssl peerAuthentication
+</codeblock>
+</p>
+
+</conbody>
+</concept>
\ No newline at end of file

Propchange: db/derby/docs/trunk/src/adminguide/cadminssladmin.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/adminguide/cadminsslclient.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminsslclient.dita?view=auto&rev=542796
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminsslclient.dita (added)
+++ db/derby/docs/trunk/src/adminguide/cadminsslclient.dita Wed May 30 04:04:23 2007
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN"
+ "../dtd/concept.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<concept id="cadminsslclient" xml:lang="en-us">
+<title>Running the client</title>
+<prolog><metadata>
+<keywords><indexterm>Network Server<indexterm>SSL</indexterm></indexterm><indexterm>Network
Server<indexterm>TLS</indexterm></indexterm><indexterm>SSL</indexterm><indexterm>TLS</indexterm></keywords>
+</metadata></prolog>
+<conbody>
+
+<section>
+<title>Basic SSL encryption</title>
+<p>SSL on the client is enabled by the URL attribute <codeph>ssl</codeph>
or the
+property <codeph>ssl</codeph> set to <codeph>basic</codeph>.</p>
+<p>Example:</p>
+<codeblock>
+Connection c = 
+   getConnection("jdbc:derby://myhost:1527/db;ssl=basic");
+</codeblock>
+</section>
+
+<section>
+<title>With peer (server) authentication</title>
+<p>SSL with peer (server) authentication is enabled by the URL
+attribute <codeph>ssl</codeph> or the property <codeph>ssl</codeph>
+set to <codeph>peerAuthentication</codeph>.</p>
+<p>In addition, the system properties
+<codeph>javax.net.ssl.trustStore</codeph> and
+<codeph>javax.net.ssl.trustStorePassword</codeph> need to be set.</p>
+<p>Example:</p>
+<codeblock>
+    System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");
+    System.setProperty("javax.net.ssl.trustStorePassword","qwerty");
+    Connection c = 
+       getConnection("jdbc:derby://myhost:1527/db;ssl=peerAuthentication");
+</codeblock>
+</section>
+
+<section>
+<title>With peer authentication on both sides</title>
+<p>If the server is also in peer authentication mode, the client has
+to set <codeph>javax.net.ssl.keyStore</codeph> and <codeph>javax.net.ssl.keyStorePassword</codeph>.</p>
+<p>Example:</p>
+<codeblock>
+    System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");
+    System.setProperty("javax.net.ssl.trustStorePassword","qwerty");
+    System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key");
+    System.setProperty("javax.net.ssl.keyStorePassword","qwerty");
+    Connection c = 
+       getConnection("jdbc:derby://myhost:1527/db;ssl=peerAuthentication");
+</codeblock>
+</section>
+
+</conbody>
+</concept>
+

Propchange: db/derby/docs/trunk/src/adminguide/cadminsslclient.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/adminguide/cadminsslkeys.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminsslkeys.dita?view=auto&rev=542796
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminsslkeys.dita (added)
+++ db/derby/docs/trunk/src/adminguide/cadminsslkeys.dita Wed May 30 04:04:23 2007
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN"
+ "../dtd/concept.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<concept id="cadminsslkeys" xml:lang="en-us">
+<title>Key and certificate handling</title>
+<prolog><metadata>
+<keywords><indexterm>Network Server<indexterm>SSL</indexterm></indexterm><indexterm>Network
Server<indexterm>TLS</indexterm></indexterm><indexterm>SSL<indexterm>key</indexterm><indexterm>certificate</indexterm></indexterm><indexterm>TLS</indexterm></keywords>
+</metadata></prolog>
+
+<conbody>
+
+<section>
+<title>The server key pair</title>
+<p>For SSL operation, the server needs a key pair. To generate the
+key pair using <codeph>keytool</codeph>, use a command like the following. In
this
+example the key pair and corresponding certificate is valid for 7
+days:</p> 
+<codeblock>
+keytool -genkey -alias myDerbyServer -validity 7 -keystore serverKeyStore.key
+</codeblock>
+</section>
+
+<section>
+<title>Install server certificate on the client (optional)</title>
+<p>If a client uses peer authentication (the client wants to
+authenticate the server), a server certificate has to be distributed to
+the client and imported into the client's <i>truststore</i> (a store
+of trusted keys).</p> 
+<p>
+With <codeph>keytool</codeph> the server certificate may be generated
+as follows:</p> 
+<codeblock>
+keytool -export -alias myDerbyServer -keystore serverKeyStore.key \
+        -rfc -file myServer.cert
+</codeblock>
+And installed in the client's <i>truststore</i> as follows:
+<codeblock>
+keytool -import -alias myServerCert -file myServer.cert \
+        -keystore clientTrustStore.key
+</codeblock>
+</section>
+
+<section>
+<title>Install server certificate on the client (optional)</title>
+<p>Optionally, the server may require peer authentication (the server
+wants to authenticate the clients). In this case, all clients need a
+key pair and all clients' certificates have to be installed in the
+server's <i>truststore</i>.</p> 
+<p>On the client, generate and export the certificate as follows</p>
+<codeblock>
+keytool -genkey -alias aDerbyClient -keystore clientKeyStore.key
+keytool -export -alias aDerbyClient -keystore clientKeyStore.key \
+        -rfc -file sClient.cert
+</codeblock>
+<p>On the server, import the certificate as follows:</p>
+<codeblock>
+keytool -import -alias aClientCert -file aClient.cert 
+        -keystore serverTrustStore.key
+</codeblock>
+</section>
+
+</conbody>
+</concept>
\ No newline at end of file

Propchange: db/derby/docs/trunk/src/adminguide/cadminsslkeys.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/adminguide/cadminsslserver.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminsslserver.dita?view=auto&rev=542796
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminsslserver.dita (added)
+++ db/derby/docs/trunk/src/adminguide/cadminsslserver.dita Wed May 30 04:04:23 2007
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN"
+ "../dtd/concept.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<concept id="cadminsslserver" xml:lang="en-us">
+<title>Starting the server</title>
+<prolog><metadata>
+<keywords><indexterm>Network Server<indexterm>SSL</indexterm></indexterm><indexterm>Network
Server<indexterm>TLS</indexterm></indexterm><indexterm>SSL</indexterm><indexterm>TLS</indexterm></keywords>
+</metadata></prolog>
+
+<conbody>
+<p>SSL at the server side is activated with the property
+<codeph>derby.drda.sslMode</codeph> (default off) or the <codeph>-ssl</codeph>
option for the server
+start command. The property may have three values: <codeph>off</codeph>, <codeph>basic</codeph>
+and <codeph>peerAuthentication</codeph>.</p>
+
+<section>
+<title>Normal mode (default)</title>
+<p><codeph>off</codeph>: Normal server operations without SSL</p>
+</section>
+
+<section>
+<title>Basic SSL encryption</title>
+<p><codeph>basic</codeph>: SSL is on, no client authentication</p>
+<p>The properties <codeph>javax.net.ssl.keyStore</codeph> and
+<codeph>javax.net.ssl.keyStorePassword</codeph> need to be set with the proper
+values.</p>
+<p>Example:</p>
+<codeblock>    
+java -Djavax.net.ssl.keyStore=serverKeyStore.key \
+     -Djavax.net.ssl.keyStorePassword=qwerty \
+     -jar derbyrun.jar server start -ssl basic
+</codeblock>
+</section>
+
+<section>
+<title>SSL with peer (client) authentication</title>
+<p><codeph>peerAuthentication</codeph>: Same as <codeph>basic</codeph>
but with additional client
+authentication. The server needs all the clients' certificates
+installed in the <i>truststore</i>.</p>
+<p>The <codeph>javax.net.ssl.trustStore</codeph> and <codeph>javax.net.ssl.trustStorePassword</codeph>
+need to be set in addition to the properties above.</p>
+<p>Example:</p>
+<codeblock>
+java -Djavax.net.ssl.keyStore=serverKeyStore.key \
+     -Djavax.net.ssl.keyStorePassword=qwerty \
+     -Djavax.net.ssl.trustStore=serverTrustStore.key \
+     -Djavax.net.ssl.trustStorePassword=qwerty \
+     -jar derbyrun.jar server start -ssl peerAuthenticate
+</codeblock>
+</section>
+
+</conbody>
+</concept>
\ No newline at end of file

Propchange: db/derby/docs/trunk/src/adminguide/cadminsslserver.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap?view=diff&rev=542796&r1=542795&r2=542796
==============================================================================
--- db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap (original)
+++ db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap Wed May 30 04:04:23 2007
@@ -164,6 +164,7 @@
 </topicref>
 <topicref href="radmindrdasecmechanism.dita" navtitle="derby.drda.securityMechanism property">
 </topicref>
+<topicref href="radmindrdasslmode.dita" navtitle="derby.drda.sslMode property"></topicref>
 <topicref href="radminconfigstartnetworkserver.dita" navtitle="derby.drda.startNetworkServer
property">
 </topicref>
 <topicref href="radmindrdaStreamOutBufferSize.dita" navtitle="derby.drda.streamOutBufferSize
property">
@@ -188,6 +189,12 @@
 </topicref>
 <topicref collection-type="family" href="cadminadvtops.dita" navtitle="Derby Network Server
advanced topics">
 <topicref href="cadminnetservsecurity.dita" navtitle="Network Server security">
+</topicref>
+<topicref collection-type="family" href="cadminssl.dita" navtitle="SSL/TLS">
+<topicref href="cadminsslkeys.dita" navtitle="Key and certificate handling"></topicref>
+<topicref href="cadminsslserver.dita" navtitle="Starting the server"></topicref>
+<topicref href="cadminsslclient.dita" navtitle="Running the client"></topicref>
+<topicref href="cadminssladmin.dita" navtitle="Other server commands (than start)"></topicref>
 </topicref>
 <topicref collection-type="family" href="tadminnetservrun.dita" navtitle="Running the
Network Server under the security manager">
 <topicref href="tadminnetservbasic.dita" navtitle="Basic Network Server security policy"></topicref>

Added: db/derby/docs/trunk/src/adminguide/radmindrdasslmode.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radmindrdasslmode.dita?view=auto&rev=542796
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radmindrdasslmode.dita (added)
+++ db/derby/docs/trunk/src/adminguide/radmindrdasslmode.dita Wed May 30 04:04:23 2007
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="utf-8"?>
+ 
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "reference.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<reference id="radmindrdasslmode" xml:lang="en-us">
+<title>derby.drda.sslMode property</title>
+<prolog><metadata>
+<keywords><indexterm>derby.drda.sslMode property</indexterm><indexterm>properties<indexterm>derby.drda.sslMode</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<refbody>
+<section><p>The derby.drda.sslMode property indictaes whether the client
+connection is encrypted or not, and whether certificate based peer
+authentication is enabled.</p>  
+</section>
+<refsyn>
+<title>Syntax</title>
+<codeblock>
+<ph>derby.drda.sslMode = [ off | basic | peerAuthentication ]</ph>
+</codeblock> 
+</refsyn>
+<section><title>Default</title><p><codeph>off</codeph></p>
</section>
+<example> <title>Example</title><codeblock><b>derby.drda.sslMode=basic
+</b></codeblock> The server that runs with this setting accepts client
+connections encrypted with SSL.</example>
+<section><title>Static or dynamic</title><p>Static. You must restart
the Network
+Server for the changes that are associated with this property to take effect.</p> </section>
+</refbody>
+</reference>

Propchange: db/derby/docs/trunk/src/adminguide/radmindrdasslmode.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/docs/trunk/src/devguide/cdevcsecuree.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecuree.dita?view=diff&rev=542796&r1=542795&r2=542796
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecuree.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecuree.dita Wed May 30 04:04:23 2007
@@ -42,6 +42,12 @@
 <li><i>Validation of Certificate for Signed Jar Files</i>   <p>In
a Java 2
 environment, <ph conref="../conrefs.dita#prod/productshortname"></ph> validates
 certificates for classes loaded from signed jar files.</p>  </li>
+<li><i>SSL/TLS</i><p><ph
+conref="../conrefs.dita#prod/productshortname"></ph> Network Server
+communication may be encrypted with SSL/TLS. SSL/TLS certificate
+authentication is also supported. See <i>"SSL/TLS"</i> in
+<cite><ph conref="../conrefs.dita#pub/citadmin"></ph></cite> for
+details.</p></li> 
 </ul>
 <p>The following figure shows some of the <ph conref="../conrefs.dita#prod/productshortname"></ph>
security
 mechanisms at work in a client/server environment. User authentication is

Modified: db/derby/docs/trunk/src/ref/refderby.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/refderby.ditamap?view=diff&rev=542796&r1=542795&r2=542796
==============================================================================
--- db/derby/docs/trunk/src/ref/refderby.ditamap (original)
+++ db/derby/docs/trunk/src/ref/refderby.ditamap Wed May 30 04:04:23 2007
@@ -600,6 +600,8 @@
 </topicref>
 <topicref href="rrefattrib10035.dita" navtitle="user=userName attribute">
 </topicref>
+<topicref href="rrefattribssl.dita" navtitle="ssl=sslMode attribute">
+</topicref>
 <topicref href="rrefattrib34183.dita" navtitle="Creating a connection without specifying
attributes">
 </topicref>
 </topicref>

Added: db/derby/docs/trunk/src/ref/rrefattribssl.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefattribssl.dita?view=auto&rev=542796
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefattribssl.dita (added)
+++ db/derby/docs/trunk/src/ref/rrefattribssl.dita Wed May 30 04:04:23 2007
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "../dtd/reference.dtd">
+<reference id="rrefattribssl" xml:lang="en-us">
+<title>ssl=sslMode attribute</title>
+<prolog><metadata>
+<keywords><indexterm>ssl=sslMode database connection URL attribute</indexterm>
+</keywords>
+</metadata></prolog>
+<refbody>
+<section> 
+<title>Function</title>
+<p>Specifies the SSL mode of the client. The
+<i>sslMode</i> can be <codeph>basic</codeph>,
+<codeph>peerAuthentication</codeph>, or <codeph>off</codeph> (the
+default). See <i>"SSL/TLS"</i> in <cite><ph
+conref="../conrefs.dita#pub/citadmin"></ph></cite> for
+details.
+</p></section> 
+
+<section><title>Combining with other attributes</title> <p>May be
combined with all other attributes.</p> </section>
+<example> <title>Example</title>
+<p>Connecting <codeph>mydb</codeph> with basic SSL encryption</p>
<codeblock><b>jdbc:derby://localhost/mydb;ssl=basic</b></codeblock>
</example>
+</refbody>
+</reference>
+

Propchange: db/derby/docs/trunk/src/ref/rrefattribssl.dita
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message