db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sunitha Kambhampati (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-928) Add ability to network server to accept connections with a certain security mechanism.
Date Tue, 07 Feb 2006 18:58:57 GMT
    [ http://issues.apache.org/jira/browse/DERBY-928?page=comments#action_12365466 ] 

Sunitha Kambhampati commented on DERBY-928:
-------------------------------------------

Thanks Bryan for your comments. Yes option #2 - USER_ONLY_SECURITY makes sense to me too.


In this jira I plan to add this server side property and take can take in values as USER_ONLY_SECURITY,
etc. These will internally map to integer constants - the correct SECMEC values. 

I agree the client connection url can be enhanced to take security mechanism as friendly string
names and this should be possible with changes to the client side. I think the client connection
url should allow even an integer value for the securityMechanism to allow for backward compatibility
with older clients. I'll open a jira for this. Thanks. 


> Add ability to network server to accept connections with a certain security mechanism.
> --------------------------------------------------------------------------------------
>
>          Key: DERBY-928
>          URL: http://issues.apache.org/jira/browse/DERBY-928
>      Project: Derby
>         Type: New Feature
>   Components: Network Server
>     Reporter: Sunitha Kambhampati
>      Fix For: 10.2.0.0

>
> Currently the network server has support for the following security mechanisms
> 1) USRIDONL (userid only),
> 2) USRIDPWD (clear text userid and password),
> 3) EUSRIDPWD (encrypted userid and password).
> Thus the #3 encrypted userid and password security mechanism is secure with respect to
the userid/password sent across the wire.  Currently there is no way to setup the network
server to ensure that it accepts connections coming in at a certain security mechanism.  
It seems reasonable & useful to have a server want to accept connections from clients
with a particular security mechanism (e.g  lets say encrypted userid/password and reject usridpwd
ie clear text userid and password)
> This jira will add support for this by adding a property to enable the server to be able
to accept connections from clients with a certain security mechanism.
> --------------------
> I actually couldnt find if a rank was given to the security mechanisms in the drda spec.
 If it were so, then maybe a property for setting the minimum security mechanism accepted
by the server would be appropriate.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message