Return-Path: 
 <derby-commits-return-12601-apmail-db-derby-commits-archive=db.apache.org@db.apache.org>
Delivered-To: apmail-db-derby-commits-archive@www.apache.org
Received: (qmail 39243 invoked from network); 22 Apr 2010 16:21:49 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 22 Apr 2010 16:21:49 -0000
Received: (qmail 63123 invoked by uid 500); 22 Apr 2010 16:21:49 -0000
Delivered-To: apmail-db-derby-commits-archive@db.apache.org
Received: (qmail 63102 invoked by uid 500); 22 Apr 2010 16:21:49 -0000
Mailing-List: contact derby-commits-help@db.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:derby-commits-help@db.apache.org>
list-unsubscribe: <mailto:derby-commits-unsubscribe@db.apache.org>
List-Post: <mailto:derby-commits@db.apache.org>
Reply-To: "Derby Development" <derby-dev@db.apache.org>
List-Id: <derby-commits.db.apache.org>
Delivered-To: mailing list derby-commits@db.apache.org
Received: (qmail 63095 invoked by uid 99); 22 Apr 2010 16:21:49 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Apr 2010 16:21:49 +0000
X-ASF-Spam-Status: No, hits=-1714.7 required=10.0
	tests=ALL_TRUSTED,AWL
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Apr 2010 16:21:48 +0000
Received: by eris.apache.org (Postfix, from userid 65534)
	id E0FF223889D2; Thu, 22 Apr 2010 16:21:05 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r936934 - in /db/derby/docs/trunk/src:
 adminguide/cadminappsclientsecurity.dita devguide/rdevcsecure557.dita
 ref/crefproper22250.dita ref/refderby.ditamap
 ref/rrefproperbuiltinalgorithm.dita
Date: Thu, 22 Apr 2010 16:21:05 -0000
To: derby-commits@db.apache.org
From: chaase3@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20100422162105.E0FF223889D2@eris.apache.org>

Author: chaase3
Date: Thu Apr 22 16:21:05 2010
New Revision: 936934

URL: http://svn.apache.org/viewvc?rev=936934&view=rev
Log:
DERBY-4579: Document the configurable hash authentication scheme

Added new topic to Reference Manual; modified 1 topic each in Dev Guide, Ref, and Admin Guide

Patch: DERBY-4579-2.diff

Added:
    db/derby/docs/trunk/src/ref/rrefproperbuiltinalgorithm.dita   (with props)
Modified:
    db/derby/docs/trunk/src/adminguide/cadminappsclientsecurity.dita
    db/derby/docs/trunk/src/devguide/rdevcsecure557.dita
    db/derby/docs/trunk/src/ref/crefproper22250.dita
    db/derby/docs/trunk/src/ref/refderby.ditamap

Modified: db/derby/docs/trunk/src/adminguide/cadminappsclientsecurity.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminappsclientsecurity.dita?rev=936934&r1=936933&r2=936934&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminappsclientsecurity.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminappsclientsecurity.dita Thu Apr 22 16:21:05 2010
@@ -29,20 +29,22 @@ the <codeph>securityMechanism</codeph> p
 </metadata></prolog>
 <conbody>
 <p>You can set the <codeph>securityMechanism</codeph> property in one of the
-following ways:<ul>
+following ways:</p><ul>
 <li>When you are using the <codeph>DriverManager</codeph> interface, set <codeph>securityMechanism</codeph> in
 a <codeph>java.util.Properties</codeph> object before you invoke the form
 of the <codeph>getConnection</codeph> method, which includes the <codeph>java.util.Properties</codeph> parameter.</li>
 <li>When you are using the <codeph>DataSource</codeph> interface to create
 and deploy your own DataSource objects, invoke the <codeph>DataSource.setSecurityMechanism</codeph> method
 after you create a DataSource object.</li>
-</ul><xref href="cadminappsclientsecurity.dita#cadminappsclientsecurity/radminappsclientsecuritytable"></xref> lists
+</ul>
+<p><xref href="cadminappsclientsecurity.dita#cadminappsclientsecurity/radminappsclientsecuritytable"></xref> lists
 the security mechanisms that the <ph conref="../conrefs.dita#prod/productshortname"></ph> Network
 Client supports, and the corresponding property value to specify to obtain
 this securityMechanism. The default security mechanism is the user id only
 if no password is set. If the password is set, the default security mechanism
 is both the user id and password. The default user is APP if no other user
-is specified.<table id="radminappsclientsecuritytable"><title>Security mechanisms
+is specified.</p>
+<table id="radminappsclientsecuritytable"><title>Security mechanisms
 supported by the Derby Network Client</title>
 <tgroup cols="3"><colspec colname="col1" colwidth="45*"/><colspec colname="col2"
 colwidth="170*"/><colspec colname="col3" colwidth="85*"/>
@@ -68,13 +70,12 @@ colwidth="170*"/><colspec colname="col3"
 <entry colname="col1">Strong password substitution</entry>
 <entry colname="col2">ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY
 (0x08)</entry>
-<entry colname="col3">Strong password substitution cannot be used with external
- Derby authentication schemes (for example, LDAP). Also, this security mechanism
-uses the SHA1PRNG algorithm to generate a random number that gets exchanged
-between client and server. If you need to use this security mechanism, make
-sure that support for the SHA1PRNG algorithm is available in the JCE provider
-available with your Java Virtual Machine (JVM). This support is
-available with JVM version 1.4.2 and higher.</entry>
+<entry colname="col3">Strong password substitution can be used only with
+<ph conref="../conrefs.dita#prod/productshortname"></ph>'s BUILTIN
+authentication mechanism or with authentication disabled. Also, for the BUILTIN
+mechanism, strong password substitution does not work for database-level users
+whose password has been protected by a custom message digest algorithm specified
+by the <i>derby.authentication.builtin.algorithm</i> property.</entry>
 </row>
 <row>
 <entry colname="col1">Encrypted user id and encrypted password</entry>
@@ -85,6 +86,6 @@ the Diffie-Hellman algorithm with a publ
 </row>
 </tbody>
 </tgroup>
-</table> </p>
+</table>
 </conbody>
 </concept>

Modified: db/derby/docs/trunk/src/devguide/rdevcsecure557.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevcsecure557.dita?rev=936934&r1=936933&r2=936934&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/rdevcsecure557.dita (original)
+++ db/derby/docs/trunk/src/devguide/rdevcsecure557.dita Thu Apr 22 16:21:05 2010
@@ -60,6 +60,12 @@ derby.authentication.ldap.searchFilter,<
 repository in <ph conref="../conrefs.dita#prod/productshortname"></ph>.</entry>
 </row>
 <row>
+<entry colname="1"><i>derby.authentication.builtin.algorithm</i></entry>
+<entry colname="2">Specifies the message digest algorithm to use to protect the
+passwords that are stored in the database when using built-in
+authentication.</entry>
+</row>
+<row>
 <entry colname="1"><i>java.naming.*</i></entry>
 <entry colname="2">JNDI properties. See Appendix A in the JNDI API reference
 for more information about these properties.</entry>

Modified: db/derby/docs/trunk/src/ref/crefproper22250.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/crefproper22250.dita?rev=936934&r1=936933&r2=936934&view=diff
==============================================================================
--- db/derby/docs/trunk/src/ref/crefproper22250.dita (original)
+++ db/derby/docs/trunk/src/ref/crefproper22250.dita Thu Apr 22 16:21:05 2010
@@ -82,6 +82,11 @@ colwidth="38*"/>
 </thead>
 <tbody>
 <row>
+<entry colname="1"><i><xref href="rrefproperbuiltinalgorithm.dita#rrefproperbuiltinalgorithm">derby.authentication.builtin.algorithm</xref></i></entry>
+<entry colname="2">S, D</entry>
+<entry colname="3">X<xref href="crefproper22250.dita#crefproper22250/rrefproper97948">*</xref></entry>
+</row>
+<row>
 <entry colname="1"><i><xref href="rrefproperauthdn.dita#rrefproperauthdn">derby.authentication.ldap.searchAuthDN</xref></i></entry>
 <entry colname="2">S, D</entry>
 <entry colname="3">&nbsp;</entry>

Modified: db/derby/docs/trunk/src/ref/refderby.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/refderby.ditamap?rev=936934&r1=936933&r2=936934&view=diff
==============================================================================
--- db/derby/docs/trunk/src/ref/refderby.ditamap (original)
+++ db/derby/docs/trunk/src/ref/refderby.ditamap Thu Apr 22 16:21:05 2010
@@ -695,6 +695,8 @@ URL syntax"></topicref>
 <topicref href="crefproperdynstat.dita" navtitle="Dynamic and static properties">
 </topicref>
 <topicref collection-type="family" href="crefproper22250.dita" navtitle="Derby properties">
+<topicref href="rrefproperbuiltinalgorithm.dita" navtitle="derby.authentication.builtin.algorithm">
+</topicref>
 <topicref href="rrefproperauthdn.dita" navtitle="derby.authentication.ldap.searchAuthDN">
 </topicref>
 <topicref href="rrefproperauthpw.dita" navtitle="derby.authentication.ldap.searchAuthPW">

Added: db/derby/docs/trunk/src/ref/rrefproperbuiltinalgorithm.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefproperbuiltinalgorithm.dita?rev=936934&view=auto
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefproperbuiltinalgorithm.dita (added)
+++ db/derby/docs/trunk/src/ref/rrefproperbuiltinalgorithm.dita Thu Apr 22 16:21:05 2010
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN" "../dtd/reference.dtd">
+<reference id="rrefproperbuiltinalgorithm" xml:lang="en-us">
+<title>derby.authentication.builtin.algorithm</title>
+<prolog><metadata>
+<keywords><indexterm>derby.authentication.builtin.algorithm</indexterm>
+<indexterm>built-in authentication algorithm<indexterm>configuring</indexterm></indexterm>
+<indexterm>message digest algorithm<indexterm>configuring</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<refbody>
+<section><title>Function</title>
+<p>Specifies the message digest algorithm to use to protect the passwords that
+are stored in the database when using built-in authentication. The value is the
+name of a message digest algorithm available from one of the Java Cryptography
+Extension (JCE) providers registered in the JVM. Some examples of valid values
+are MD5, SHA-256, and SHA-512.</p>
+<p>The specified algorithm will be applied on the concatenation of the user name
+and the password before it is stored in the database.</p>
+</section>
+<refsyn><title>Syntax</title>
+<codeblock><b>derby.authentication.builtin.algorithm=<i>algorithm</i></b></codeblock>
+<p>If the value of <i>algorithm</i> is NULL or an empty string, SHA-1 will be
+used on the password only.</p>
+</refsyn>
+<section><title>Default</title>
+<p>For a newly created database, the default value is SHA-256, if that algorithm
+is available. If SHA-256 is not available, the default is SHA-1.</p>
+</section>
+<example><title>Example</title>
+<codeblock><b><ph>-- system-wide property</ph>
+derby.authentication.builtin.algorithm=SHA-512
+
+<ph>-- database-level property</ph>
+CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
+    'derby.authentication.builtin.algorithm', 'SHA-512');</b></codeblock>
+</example>
+<section><title>Dynamic or static</title>
+<p>Dynamic; the change takes effect immediately. For information about dynamic
+changes to properties, see
+<xref href="crefproperdynstat.dita#crefproperdynstat"/>.</p>
+</section>
+</refbody>
+</reference>

Propchange: db/derby/docs/trunk/src/ref/rrefproperbuiltinalgorithm.dita
------------------------------------------------------------------------------
    svn:eol-style = native