db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Van Couvering (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-528) Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme
Date Wed, 14 Jun 2006 22:26:31 GMT
    [ http://issues.apache.org/jira/browse/DERBY-528?page=comments#action_12416267 ] 

David Van Couvering commented on DERBY-528:
-------------------------------------------

One comment: In the test output, I noticed a lot of the following changes in master/DerbyNetClient/testSecMec.out

-# jdbc:derby://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat;password=hobbes;securityMechanism=9
- EXCEPTION Security exception encountered, see next exception for details. Caused by exception
class java.security.NoSuchProviderException: null
-TEST_DS (password=hobbes,securityMechanism=9)EXCEPTION testSecurityMechanism()  Security
exception encountered, see next exception for details. Caused by exception class java.security.NoSuchProviderException:
null
+# jdbc:derby://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat;password=hobbes;securityMechanism=9
- EXCEPTION Security exception encountered, see next exception for details.
+TEST_DS (password=hobbes,securityMechanism=9)EXCEPTION testSecurityMechanism()  Security
exception encountered, see next exception for details.

Note that the "Caused by" string has been removed.  This string is printed out when you run
in JDK 1.3, as exception chaining is not supported in this revision of the JDK.  The fact
that it has been removed leads me to suspect that master/DerbyNetClient/testSecMec.out is
specific to JDK 1.3.  Further investigation shows that there is also a master/DerbyNetClient/jdk14/testSecMec.out.
 I suspect that you replaced the JDK 1.3 master file with an output file from a JDK 1.4 or
greater test run?  I speak from painful experience... :)

David

> Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme
> -----------------------------------------------------------------------------------------
>
>          Key: DERBY-528
>          URL: http://issues.apache.org/jira/browse/DERBY-528
>      Project: Derby
>         Type: New Feature

>   Components: Security
>     Versions: 10.1.1.0
>     Reporter: Francois Orsini
>     Assignee: Francois Orsini
>      Fix For: 10.2.0.0
>  Attachments: 528_SecMec_Testing_Table.txt, 528_diff_v1.txt, 528_stat_v1.txt
>
> This JIRA will add support for (DRDA) Strong User ID and Password Substitute Authentication
(USRSSBPWD) scheme in the network client/server driver layers.
> Current Derby DRDA network client  driver supports encrypted userid/password (EUSRIDPWD)
via the use of DH key-agreement protocol - however current Open Group DRDA specifications
imposes small prime and base generator values (256 bits) that prevents other JCE's  to be
used as java cryptography providers - typical minimum security requirements is usually of
1024 bits (512-bit absolute minimum) when using DH key-agreement protocol to generate a session
key.
> Strong User ID and Password Substitute Authentication (USRSSBPWD) is part of DRDA specifications
as another alternative to provide ciphered passwords across the wire.
> Support of USRSSBPWD authentication scheme will enable additional JCE's to  be used when
encrypted passwords are required across the wire.
> USRSSBPWD authentication scheme will be specified by a Derby network client user via
the securityMechanism property on the connection UR - A new property value such as ENCRYPTED_PASSWORD_SECURITY
will be defined in order to support this new (DRDA) authentication scheme.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message