db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John H. Embretsen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2356) Make SSL server authentication optional
Date Fri, 23 Feb 2007 07:21:05 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2356?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12475279
] 

John H. Embretsen commented on DERBY-2356:
------------------------------------------

Yes, using the -ssl basic option for the other NetworkServerControl commands as well worked
just great, makes sense. So 4) would essentially be clear enough by just appending an "s"
to "the server command" :)

Regarding 3), I only followed the examples in the funcSpec, thinking this was somehow implemented
differently. The regular variant 
<command> -ssl <sslMode> [otherOptions]
works just fine.

> Make SSL server authentication optional
> ---------------------------------------
>
>                 Key: DERBY-2356
>                 URL: https://issues.apache.org/jira/browse/DERBY-2356
>             Project: Derby
>          Issue Type: Improvement
>          Components: Network Client, Network Server
>    Affects Versions: 10.3.0.0
>            Reporter: Bernt M. Johnsen
>         Assigned To: Bernt M. Johnsen
>             Fix For: 10.3.0.0
>
>         Attachments: derby-2356-v1.diff, derby-2356-v1.stat, SSLFuncSpect.txt
>
>
> Default SSL behaviour is to require serer authentication. For a database application
this is not as important as it is for web browsers and also creates som extra hassle for the
user/application programmer. Since the main objective for SSL in Derby is encryption on the
wire, server authentication should be optional (the same way client authentication is).
> This also creates some symmetry which can be exploited to simplify the user interfce
somewhat. This improvement to DERBY-2108 is described in the attached functional specification.
See the attachment for details.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message