db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Laura Stewart (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2837) Update docs on STRONG_PASSWORD_SUBSTITUTE_SECURITY/ENCRYPTED_USER_AND_PASSWORD_SECURITY and JCE support
Date Thu, 05 Jul 2007 18:25:04 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12510442
] 

Laura Stewart commented on DERBY-2837:
--------------------------------------

Bernt - The dita source uses specific tags for each type of topic - concept, reference, task.
You can't simply rename the file. Instead you must create a new file using the correct template
in 
..\docs\trunk\templates
and delete the file that has the wrong type.

I can't tell if anything else is wrong. If you post your dita file to this issue I can take
a look...

> Update docs on STRONG_PASSWORD_SUBSTITUTE_SECURITY/ENCRYPTED_USER_AND_PASSWORD_SECURITY
and JCE support
> -------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2837
>                 URL: https://issues.apache.org/jira/browse/DERBY-2837
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.3.1.0
>            Reporter: Bernt M. Johnsen
>            Assignee: Bernt M. Johnsen
>             Fix For: 10.3.1.1, 10.4.0.0
>
>         Attachments: DERBY-2837.diff, DERBY-2837.stat, DERBY-2837.zip
>
>
> Bernt M. Johnsen wrote:
> >>>>>>>>>>>>>Michael Segel wrote (2007-06-16 00:23:56):
> >>Which is why I'm a little suspect that the *only* way to do encryption on
> >>the wire is to be forced to bring in IBM's JCE.
> >
> >You don't need the IBM JCE. Sun's JDK comes with and JCE which works
> >just fine. The docs tries to tell you that if you use an old IBM
> >environment, you need to install IBMS JCE searately.
> That section (installing an IBM JCE) should be removed from the
> documentation for 10.3 onwards since JDK 1.4 is the lowest supported JVM
> level.
> >
> >There is, however small issue, if you choose
> >ENCRYPTED_USER_AND_PASSWORD_SECURITY, newer Sun JCE's (from 1.4, I
> >think) does not support the shared DHS value defined in the DRDA
> >protocol. It's too weak. As an alternative solution for passsword
> >protection, Francois implemented STRONG_PASSWORD_SUBSTITUTE_SECURITY.
> This information would be great to add to the docs. Restating the
> requirements in terms of a JCE that supports "the shared DHS value
> defined in the DRDA protocol" (whatever the correct JCE term for that
> is) and not specifically the IBM JCE. The documentation then should
> state that this is not supported by some JCEs due to its weakness and an
> alternative is to use STRONG_PASSWORD_SUBSTITUTE_SECURITY (and/or SSL?).
> Dan.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message