db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bernt M. Johnsen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2837) Update docs on STRONG_PASSWORD_SUBSTITUTE_SECURITY/ENCRYPTED_USER_AND_PASSWORD_SECURITY and JCE support
Date Wed, 04 Jul 2007 08:27:05 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12510113
] 

Bernt M. Johnsen commented on DERBY-2837:
-----------------------------------------

Thanks for looking at this, Myrna.

The renaming is because I changed from task to concept (to use task was not suitable to the
content anymore). For some odd reason, it has been decided that all task files starts with
"t" and all concept files with "c" etc, so I just wanted to be conform with the rules...

I'll take another look at the patch and see if there's something wrong with the patch (I've
never done svn rename before, so it might be related to that).

> Update docs on STRONG_PASSWORD_SUBSTITUTE_SECURITY/ENCRYPTED_USER_AND_PASSWORD_SECURITY
and JCE support
> -------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2837
>                 URL: https://issues.apache.org/jira/browse/DERBY-2837
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.3.1.0
>            Reporter: Bernt M. Johnsen
>            Assignee: Bernt M. Johnsen
>             Fix For: 10.3.1.1, 10.4.0.0
>
>         Attachments: DERBY-2837.diff, DERBY-2837.stat, DERBY-2837.zip
>
>
> Bernt M. Johnsen wrote:
> >>>>>>>>>>>>>Michael Segel wrote (2007-06-16 00:23:56):
> >>Which is why I'm a little suspect that the *only* way to do encryption on
> >>the wire is to be forced to bring in IBM's JCE.
> >
> >You don't need the IBM JCE. Sun's JDK comes with and JCE which works
> >just fine. The docs tries to tell you that if you use an old IBM
> >environment, you need to install IBMS JCE searately.
> That section (installing an IBM JCE) should be removed from the
> documentation for 10.3 onwards since JDK 1.4 is the lowest supported JVM
> level.
> >
> >There is, however small issue, if you choose
> >ENCRYPTED_USER_AND_PASSWORD_SECURITY, newer Sun JCE's (from 1.4, I
> >think) does not support the shared DHS value defined in the DRDA
> >protocol. It's too weak. As an alternative solution for passsword
> >protection, Francois implemented STRONG_PASSWORD_SUBSTITUTE_SECURITY.
> This information would be great to add to the docs. Restating the
> requirements in terms of a JCE that supports "the shared DHS value
> defined in the DRDA protocol" (whatever the correct JCE term for that
> is) and not specifically the IBM JCE. The documentation then should
> state that this is not supported by some JCEs due to its weakness and an
> alternative is to use STRONG_PASSWORD_SUBSTITUTE_SECURITY (and/or SSL?).
> Dan.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message