Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 44197 invoked from network); 9 Sep 2006 00:45:00 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 9 Sep 2006 00:45:00 -0000 Received: (qmail 91491 invoked by uid 500); 9 Sep 2006 00:44:59 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 91450 invoked by uid 500); 9 Sep 2006 00:44:59 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 91441 invoked by uid 99); 9 Sep 2006 00:44:59 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Sep 2006 17:44:59 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [209.237.227.198] (HELO brutus.apache.org) (209.237.227.198) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Sep 2006 17:44:58 -0700 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id D31047142F5 for ; Sat, 9 Sep 2006 00:41:23 +0000 (GMT) Message-ID: <19696099.1157762483861.JavaMail.jira@brutus> Date: Fri, 8 Sep 2006 17:41:23 -0700 (PDT) From: "Francois Orsini (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Commented: (DERBY-1675) Network Server should not send to client that it supports EUSRIDPWD when running against Sun JVM In-Reply-To: <19785106.1155320833858.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N [ http://issues.apache.org/jira/browse/DERBY-1675?page=comments#action_12433535 ] Francois Orsini commented on DERBY-1675: ---------------------------------------- Here are my comments. Very good changes indeed Sunitha. My comments are ONLY minor ones. Mostly recommendations with some of the comments, etc. 1) java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java A) Static block: + // Sun JCE does not have support for EUSRIDPWD, whereas + // most versions of IBM JCE have support for this. Hence + // find out if the server can support EUSRIDPWD. Minor nit but EUSRIDPWD is not part of the JVM - It is just that some JCE provider(s) may not have DH support with a Prime of 32-bytes. I would have phrased this differently, such as: // DRDA Specification for the EUSRIDPWD security mechanism // requires DH algorithm support with a 32-byte prime to be // used. Not all JCE implementations have support for this. // Hence here we need to find out if EUSRIDPWD can be used // with the current JVM. Again, this is just my recommendation to phrase this differently - Take it or leave it :) + /** + * EUSRIDPWD support depends on the availability of the + * algorithm in the JCE implementation in the classpath + * of the server. At runtime, information about this + * capability is figured out. + * @return whether EUSRIDPWD is supported or not + */ B) supportsEUSRIDPWD(): Here I would have just put the following comments: /** * This method returns whether EUSRIDPWD security mechanism * is supported or not. See class static block for more * info. * @return true if EUSRIDPWD is supported, falso otherwise */ I think you need 1 more CR (line space before the next getIntPropVal()) 2) +++ java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/protocol.tests -readScalar2Bytes SECMEC 3// SECMEC -readScalar2Bytes SECMEC 9// SECMEC -readScalar2Bytes SECMEC 4// SECMEC -readScalar2Bytes SECMEC 8// SECMEC -readScalar1Byte SECCHKCD 1// SECMEC +readSecMecAndSECCHKCD // read secmec values and secchkcd We're loosing the returned list to check here but I guess it is not obvious to have this protocol test driver behave conditionally based on the JVM being run, etc...since there is no canon's for this test if am not mistaken...Anyway, too much of a big deal I'd say. I have also tested the patch with Solaris / jdk 1.5 ... Cheers. > Network Server should not send to client that it supports EUSRIDPWD when running against Sun JVM > ------------------------------------------------------------------------------------------------ > > Key: DERBY-1675 > URL: http://issues.apache.org/jira/browse/DERBY-1675 > Project: Derby > Issue Type: Improvement > Components: Network Server > Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.2.1.0, 10.1.2.1, 10.1.3.0, 10.1.3.1 > Reporter: Sunitha Kambhampati > Assigned To: Sunitha Kambhampati > Priority: Minor > Attachments: derby1675.diff.txt, derby1675.stat.txt > > > As part of ACCSECRD, if the server does not accept the security mechanism sent by the client, the server will send a list of security mechanism that it supports. Currently even when the server is running with sun jvm, it will still send EUSRIDPWD as a sec mec that it supports, which is incorrect. The server should test if it can support EUSRIDPWD dynamically and if it does, only then send EURRIDPWD as an option that it supports. > see DRDAConnThread.writeACCSECRD(int) -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira