db-derby-dev mailing list archives

From "Kathey Marsden (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-528) Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme
Date Sat, 15 Jul 2006 16:22:16 GMT
    [ http://issues.apache.org/jira/browse/DERBY-528?page=comments#action_12421312 ] 
Kathey Marsden commented on DERBY-528:

Thanks Francois for this important change and thank you for including comments in the code.
Even with the comments, I started reviewing the patch and am finding it hard because of
two things.

1) I did not understand the high level strategy when I started review, for example I am not
sure why the Client security mechanisms have been moved into BasicAuthenticationServiceImpl

2) I see that you hit DERBY-1363, a bug in the Derby project itself. Even though we don't
have a coding standard I think it would be good for the added code to match the surrounding
code style and indentation. I added this to http://wiki.apache.org/db-derby/DerbyContributorChecklist

When you submit the new patch to fix 10.2 client with 10.1 server, I was wondering if you
could provide an overview of your strategy and the associated code changes made. I think
it will make things easier for reviewers. Good examples are DERBY-928 https://issues.apache.org/jira/browse/DERBY-928#action_12366294
and DERBY-170 changes.html



> Support for DRDA Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme
> -----------------------------------------------------------------------------------------
>                 Key: DERBY-528
>                 URL: http://issues.apache.org/jira/browse/DERBY-528
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security
>    Affects Versions:
>            Reporter: Francois Orsini
>         Assigned To: Francois Orsini
>             Fix For:
>         Attachments: 528_diff_v1.txt, 528_diff_v2.txt, 528_SecMec_Testing_Table.txt, 528_stat_v1.txt, 528_stat_v2.txt
> This JIRA will add support for (DRDA) Strong User ID and Password Substitute Authentication (USRSSBPWD) scheme in the network client/server driver layers.
> Current Derby DRDA network client driver supports encrypted userid/password (EUSRIDPWD) via the use of DH key-agreement protocol - however current Open Group DRDA specifications impose small prime and base generator values (256 bits) that prevent other JCEs from being used as Java cryptography providers - typical minimum security requirement is usually 1024 bits (512-bit absolute minimum) when using DH key-agreement protocol to generate a session
> Strong User ID and Password Substitute Authentication (USRSSBPWD) is part of DRDA specifications as another alternative to provide ciphered passwords across the wire.
> Support of USRSSBPWD authentication scheme will enable additional JCEs to be used when encrypted passwords are required across the wire.
> USRSSBPWD authentication scheme will be specified by a Derby network client user via the securityMechanism property on the connection URL - A new property value such as ENCRYPTED_PASSWORD_SECURITY will be defined in order to support this new (DRDA) authentication scheme.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

