db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sunitha Kambhampati (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-928) Add ability to network server to accept connections with a certain security mechanism.
Date Tue, 07 Feb 2006 18:58:57 GMT
    [ http://issues.apache.org/jira/browse/DERBY-928?page=comments#action_12365466 ] 

Sunitha Kambhampati commented on DERBY-928:

Thanks Bryan for your comments. Yes option #2 - USER_ONLY_SECURITY makes sense to me too.

In this jira I plan to add this server side property and take can take in values as USER_ONLY_SECURITY,
etc. These will internally map to integer constants - the correct SECMEC values. 

I agree the client connection url can be enhanced to take security mechanism as friendly string
names and this should be possible with changes to the client side. I think the client connection
url should allow even an integer value for the securityMechanism to allow for backward compatibility
with older clients. I'll open a jira for this. Thanks. 

> Add ability to network server to accept connections with a certain security mechanism.
> --------------------------------------------------------------------------------------
>          Key: DERBY-928
>          URL: http://issues.apache.org/jira/browse/DERBY-928
>      Project: Derby
>         Type: New Feature
>   Components: Network Server
>     Reporter: Sunitha Kambhampati
>      Fix For:

> Currently the network server has support for the following security mechanisms
> 1) USRIDONL (userid only),
> 2) USRIDPWD (clear text userid and password),
> 3) EUSRIDPWD (encrypted userid and password).
> Thus the #3 encrypted userid and password security mechanism is secure with respect to
the userid/password sent across the wire.  Currently there is no way to setup the network
server to ensure that it accepts connections coming in at a certain security mechanism.  
It seems reasonable & useful to have a server want to accept connections from clients
with a particular security mechanism (e.g  lets say encrypted userid/password and reject usridpwd
ie clear text userid and password)
> This jira will add support for this by adding a property to enable the server to be able
to accept connections from clients with a certain security mechanism.
> --------------------
> I actually couldnt find if a rank was given to the security mechanisms in the drda spec.
 If it were so, then maybe a property for setting the minimum security mechanism accepted
by the server would be appropriate.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

View raw message