db-derby-dev mailing list archives

From "Kathey Marsden (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-528) Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme
Date Sat, 15 Jul 2006 16:22:16 GMT
    [ http://issues.apache.org/jira/browse/DERBY-528?page=comments#action_12421312 ] 
            
Kathey Marsden commented on DERBY-528:
--------------------------------------

Thanks Francois for this important change and thank you for including comments in the code.
Even with the comments, I started reviewing the patch and am finding it hard because of
two things.

1) I did not understand the high-level strategy when I started the review; for example, I am not
sure why the Client security mechanisms have been moved into BasicAuthenticationServiceImpl.

2) I see that you hit DERBY-1363, a bug in the Derby project itself. Even though we don't
have a coding standard, I think it would be good for the added code to match the surrounding
code style and indentation. I added this to http://wiki.apache.org/db-derby/DerbyContributorChecklist


When you submit the new patch to fix 10.2 client with 10.1 server, I was wondering if you
could provide an overview of your strategy and the associated code changes made. I think
it will make things easier for reviewers. Good examples are DERBY-928 https://issues.apache.org/jira/browse/DERBY-928#action_12366294
and DERBY-170 changes.html

Thanks 

Kathey

> Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme
> -----------------------------------------------------------------------------------------
>
>                 Key: DERBY-528
>                 URL: http://issues.apache.org/jira/browse/DERBY-528
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security
>    Affects Versions: 10.1.1.0
>            Reporter: Francois Orsini
>         Assigned To: Francois Orsini
>             Fix For: 10.2.0.0
>
>         Attachments: 528_diff_v1.txt, 528_diff_v2.txt, 528_SecMec_Testing_Table.txt, 528_stat_v1.txt, 528_stat_v2.txt
>
>
> This JIRA will add support for (DRDA) Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme in the network client/server driver layers.
> Current Derby DRDA network client driver supports encrypted userid/password (EUSRIDPWD) via the use of DH key-agreement protocol - however current Open Group DRDA specifications impose small prime and base generator values (256 bits) that prevent other JCEs from being used as Java cryptography providers - typical minimum security requirements are usually 1024 bits (512-bit absolute minimum) when using DH key-agreement protocol to generate a session key.
> Strong User ID and Password Substitute Authentication (USRSSBPWD) is part of DRDA specifications as another alternative to provide ciphered passwords across the wire.
> Support of USRSSBPWD authentication scheme will enable additional JCEs to be used when encrypted passwords are required across the wire.
> USRSSBPWD authentication scheme will be specified by a Derby network client user via the securityMechanism property on the connection URL - A new property value such as ENCRYPTED_PASSWORD_SECURITY will be defined in order to support this new (DRDA) authentication scheme.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
