db-derby-commits mailing list archives

From chaa...@apache.org
Subject svn commit: r1305875 - in /db/derby/docs/trunk/src: devguide/cdevcsecurenativeauth.dita devguide/rdevcsecure557.dita ref/crefproper22250.dita ref/refderby.ditamap ref/rrefproperiterations.dita ref/rrefpropersaltlength.dita
Date Tue, 27 Mar 2012 15:34:19 GMT
Author: chaase3
Date: Tue Mar 27 15:34:19 2012
New Revision: 1305875

URL: http://svn.apache.org/viewvc?rev=1305875&view=rev
Log:
DERBY-5550  Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations

Added two new Reference Manual topics; modified one Reference Manual and two Developer's Guide
topics.

Patch: DERBY-5550-2.diff

Added:
    db/derby/docs/trunk/src/ref/rrefproperiterations.dita   (with props)
    db/derby/docs/trunk/src/ref/rrefpropersaltlength.dita   (with props)
Modified:
    db/derby/docs/trunk/src/devguide/cdevcsecurenativeauth.dita
    db/derby/docs/trunk/src/devguide/rdevcsecure557.dita
    db/derby/docs/trunk/src/ref/crefproper22250.dita
    db/derby/docs/trunk/src/ref/refderby.ditamap

Modified: db/derby/docs/trunk/src/devguide/cdevcsecurenativeauth.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecurenativeauth.dita?rev=1305875&r1=1305874&r2=1305875&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecurenativeauth.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecurenativeauth.dita Tue Mar 27 15:34:19 2012
@@ -124,7 +124,10 @@ expiration date. You can change this pro
 <codeph>derby.authentication.native.passwordLifetimeThreshold</codeph>.</p>
 <p>Use the <codeph>derby.authentication.builtin.algorithm</codeph> property
to
 change the way passwords are encrypted when they are stored in the SYSUSERS
-system table. The default algorithm is SHA-256.</p></section>
+system table. The default algorithm is SHA-256. Two related properties are
+<codeph>derby.authentication.builtin.saltLength</codeph> and 
+<codeph>derby.authentication.builtin.iterations</codeph>, which can be used to
+make the hashed passwords harder for attackers to crack.</p></section>
 <section><title>Managing users and passwords</title>
 <p>To manage users and passwords,
 <ph conref="../conrefs.dita#prod/productshortname"></ph> provides a group of
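
Review bot: The unchanged sentence that opens this paragraph says passwords are "encrypted" when they are stored in SYSUSERS, while the added sentence calls them "hashed passwords". SHA-256 is a message digest, so change "encrypted" to "hashed" in the same edit to keep the paragraph consistent. The added line ending in "saltLength</codeph> and " also carries trailing whitespace.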

Modified: db/derby/docs/trunk/src/devguide/rdevcsecure557.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevcsecure557.dita?rev=1305875&r1=1305874&r2=1305875&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/rdevcsecure557.dita (original)
+++ db/derby/docs/trunk/src/devguide/rdevcsecure557.dita Tue Mar 27 15:34:19 2012
@@ -56,6 +56,16 @@ passwords that are stored in the databas
 authentication.</entry>
 </row>
 <row>
+<entry colname="1"><codeph>derby.authentication.builtin.iterations</codeph></entry>
+<entry colname="2">Specifies the number of times to apply the hash function
+specified by the message digest algorithm.</entry>
+</row>
+<row>
+<entry colname="1"><codeph>derby.authentication.builtin.saltLength</codeph></entry>
+<entry colname="2">Specifies the number of bytes of random salt that will be
+added to users' credentials before hashing them.</entry>
+</row>
+<row>
 <entry colname="1"><codeph>derby.authentication.native.passwordLifetimeMillis</codeph></entry>
 <entry colname="2">Specifies the number of milliseconds that a password used for
 NATIVE authentication remans valid.</entry>
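
Review bot: The new iterations entry says the hash function is applied a number of times but not to what, while the saltLength entry below it names "users' credentials". Add "on the credentials", the wording used in rrefproperiterations.dita, so the two rows read in parallel. Neither row mentions that the property has effect only when derby.authentication.builtin.algorithm has a non-null value, which both new reference topics state. The context line after the hunk has "remans" for "remains", which could be fixed in the same pass.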

Modified: db/derby/docs/trunk/src/ref/crefproper22250.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/crefproper22250.dita?rev=1305875&r1=1305874&r2=1305875&view=diff
==============================================================================
--- db/derby/docs/trunk/src/ref/crefproper22250.dita (original)
+++ db/derby/docs/trunk/src/ref/crefproper22250.dita Tue Mar 27 15:34:19 2012
@@ -95,6 +95,16 @@ conglomerates.</p>
 <entry colname="3">Dynamic</entry>
 </row>
 <row>
+<entry colname="1"><i><xref href="rrefproperiterations.dita#rrefproperiterations">derby.authentication.builtin.iterations</xref></i></entry>
+<entry colname="2">S, D</entry>
+<entry colname="3">Dynamic</entry>
+</row>
+<row>
+<entry colname="1"><i><xref href="rrefpropersaltlength.dita#rrefpropersaltlength">derby.authentication.builtin.saltLength</xref></i></entry>
+<entry colname="2">S, D</entry>
+<entry colname="3">Dynamic</entry>
+</row>
+<row>
 <entry colname="1"><i><xref href="rrefproperauthdn.dita#rrefproperauthdn">derby.authentication.ldap.searchAuthDN</xref></i></entry>
 <entry colname="2">S, D</entry>
 <entry colname="3">Static</entry>

Modified: db/derby/docs/trunk/src/ref/refderby.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/refderby.ditamap?rev=1305875&r1=1305874&r2=1305875&view=diff
==============================================================================
--- db/derby/docs/trunk/src/ref/refderby.ditamap (original)
+++ db/derby/docs/trunk/src/ref/refderby.ditamap Tue Mar 27 15:34:19 2012
@@ -724,6 +724,10 @@ URL syntax"></topicref>
 <topicref collection-type="family" href="crefproper22250.dita" navtitle="Derby properties">
 <topicref href="rrefproperbuiltinalgorithm.dita" navtitle="derby.authentication.builtin.algorithm">
 </topicref>
+<topicref href="rrefproperiterations.dita" navtitle="derby.authentication.builtin.iterations">
+</topicref>
+<topicref href="rrefpropersaltlength.dita" navtitle="derby.authentication.builtin.saltLength">
+</topicref>
 <topicref href="rrefproperauthdn.dita" navtitle="derby.authentication.ldap.searchAuthDN">
 </topicref>
 <topicref href="rrefproperauthpw.dita" navtitle="derby.authentication.ldap.searchAuthPW">

Added: db/derby/docs/trunk/src/ref/rrefproperiterations.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefproperiterations.dita?rev=1305875&view=auto
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefproperiterations.dita (added)
+++ db/derby/docs/trunk/src/ref/rrefproperiterations.dita Tue Mar 27 15:34:19 2012
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN" "../dtd/reference.dtd">
+<reference id="rrefproperiterations" xml:lang="en-us">
+<title>derby.authentication.builtin.iterations</title>
+<prolog><metadata>
+<keywords><indexterm>derby.authentication.builtin.iterations</indexterm>
+<indexterm>password hashing<indexterm>configuring</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<refbody>
+<section><title>Function</title>
+<p>Specifies the number of times to apply the hash function (which is specified
+by the
+<i><xref href="rrefproperbuiltinalgorithm.dita#rrefproperbuiltinalgorithm">derby.authentication.builtin.algorithm</xref></i>
+property) on the credentials. Iteration slows down attackers by forcing them to
+spend more time calculating hashes.</p>
+<p>This property is in effect only if NATIVE or BUILTIN authentication is
+specified by the
+<i><xref href="rrefproper13766.dita#rrefproper13766">derby.authentication.provider</xref></i>
+property and if the <i>derby.authentication.builtin.algorithm</i> property has
a
+non-null value.</p>
+</section>
+<refsyn><title>Syntax</title>
+<codeblock><b>derby.authentication.builtin.iteration=<i>number_of_iterations</i></b></codeblock>
+<p>The minimum value is 1.</p>
+</refsyn>
+<section><title>Default</title>
+<p>1000.</p>
+</section>
+<example><title>Example</title>
+<codeblock><b><ph>-- system-wide property</ph>
+derby.authentication.builtin.iterations=2000
+
+<ph>-- database-level property</ph>
+CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
+    'derby.authentication.builtin.iterations', '2000');</b></codeblock>
+</example>
+<section><title>Dynamic or static</title>
+<p>Dynamic; the change takes effect immediately. For information about dynamic
+changes to properties, see
+<xref href="crefproperdynstat.dita#crefproperdynstat"/>.</p>
+</section>
+</refbody>
+</reference>
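
Review bot: The Syntax codeblock spells the property derby.authentication.builtin.iteration= (no trailing "s"), while the title, the indexterm and the Example all use derby.authentication.builtin.iterations, so a reader who copies the syntax line sets a name that does not match the rest of the topic. Change it to derby.authentication.builtin.iterations=<i>number_of_iterations</i>. The "Dynamic; the change takes effect immediately" section should also say whether passwords already stored are affected or only those set after the change, since that decides whether raising the count protects existing accounts.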

Propchange: db/derby/docs/trunk/src/ref/rrefproperiterations.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/ref/rrefpropersaltlength.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefpropersaltlength.dita?rev=1305875&view=auto
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefpropersaltlength.dita (added)
+++ db/derby/docs/trunk/src/ref/rrefpropersaltlength.dita Tue Mar 27 15:34:19 2012
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN" "../dtd/reference.dtd">
+<reference id="rrefpropersaltlength" xml:lang="en-us">
+<title>derby.authentication.builtin.saltLength</title>
+<prolog><metadata>
+<keywords><indexterm>derby.authentication.builtin.saltLength</indexterm>
+<indexterm>password hashing<indexterm>configuring</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<refbody>
+<section><title>Function</title>
+<p>Specifies the number of bytes of random salt that will be added to users'
+credentials before hashing them. Random salt has the effect of making it
+difficult for attackers to decode passwords by constructing rainbow tables.</p>
+<p>This property is in effect only if NATIVE or BUILTIN authentication is
+specified by the
+<i><xref href="rrefproper13766.dita#rrefproper13766">derby.authentication.provider</xref></i>
+property and if the
+<i><xref href="rrefproperbuiltinalgorithm.dita#rrefproperbuiltinalgorithm">derby.authentication.builtin.algorithm</xref></i>
+property has a non-null value.</p>
+</section>
+<refsyn><title>Syntax</title>
+<codeblock><b>derby.authentication.builtin.saltLength=<i>number_of_bytes</i></b></codeblock>
+</refsyn>
+<section><title>Default</title>
+<p>16.</p>
+</section>
+<example><title>Example</title>
+<codeblock><b><ph>-- system-wide property</ph>
+derby.authentication.builtin.saltLength=32
+
+<ph>-- database-level property</ph>
+CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
+    'derby.authentication.builtin.saltLength', '32');</b></codeblock>
+</example>
+<section><title>Dynamic or static</title>
+<p>Dynamic; the change takes effect immediately. For information about dynamic
+changes to properties, see
+<xref href="crefproperdynstat.dita#crefproperdynstat"/>.</p>
+</section>
+</refbody>
+</reference>
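
Review bot: The Syntax section gives no valid range for number_of_bytes, whereas the iterations topic states "The minimum value is 1". State the minimum here and say what a value of 0 does, since a reader could lower the salt below the default of 16 without knowing the consequence. In the Function paragraph, "decode passwords" is loose for hashed values; "recover passwords from the stored hashes" would be more accurate. As in the iterations topic, the "Dynamic" section should say whether the new length applies to passwords already stored or only to those set afterwards.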

Propchange: db/derby/docs/trunk/src/ref/rrefpropersaltlength.dita
------------------------------------------------------------------------------
    svn:eol-style = native


