db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Laura Stewart (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-2837) Update docs on STRONG_PASSWORD_SUBSTITUTE_SECURITY/ENCRYPTED_USER_AND_PASSWORD_SECURITY and JCE support
Date Fri, 06 Jul 2007 02:26:04 GMT

     [ https://issues.apache.org/jira/browse/DERBY-2837?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Laura Stewart updated DERBY-2837:
---------------------------------

    Attachment: cadminappsclientsecurity.dita
                derby2837.diff

Attaching the patch and source file for the concept topic.
Used the concept template and copied over the content so
as to remove all of the "Reference" topic tags.

> Update docs on STRONG_PASSWORD_SUBSTITUTE_SECURITY/ENCRYPTED_USER_AND_PASSWORD_SECURITY
and JCE support
> -------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2837
>                 URL: https://issues.apache.org/jira/browse/DERBY-2837
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.3.1.0
>            Reporter: Bernt M. Johnsen
>            Assignee: Bernt M. Johnsen
>             Fix For: 10.3.1.1, 10.4.0.0
>
>         Attachments: cadminappsclientsecurity.dita, DERBY-2837.diff, DERBY-2837.stat,
DERBY-2837.zip, derby2837.diff
>
>
> Bernt M. Johnsen wrote:
> >>>>>>>>>>>>>Michael Segel wrote (2007-06-16 00:23:56):
> >>Which is why I'm a little suspect that the *only* way to do encryption on
> >>the wire is to be forced to bring in IBM's JCE.
> >
> >You don't need the IBM JCE. Sun's JDK comes with and JCE which works
> >just fine. The docs tries to tell you that if you use an old IBM
> >environment, you need to install IBMS JCE searately.
> That section (installing an IBM JCE) should be removed from the
> documentation for 10.3 onwards since JDK 1.4 is the lowest supported JVM
> level.
> >
> >There is, however small issue, if you choose
> >ENCRYPTED_USER_AND_PASSWORD_SECURITY, newer Sun JCE's (from 1.4, I
> >think) does not support the shared DHS value defined in the DRDA
> >protocol. It's too weak. As an alternative solution for passsword
> >protection, Francois implemented STRONG_PASSWORD_SUBSTITUTE_SECURITY.
> This information would be great to add to the docs. Restating the
> requirements in terms of a JCE that supports "the shared DHS value
> defined in the DRDA protocol" (whatever the correct JCE term for that
> is) and not specifically the IBM JCE. The documentation then should
> state that this is not supported by some JCEs due to its weakness and an
> alternative is to use STRONG_PASSWORD_SUBSTITUTE_SECURITY (and/or SSL?).
> Dan.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message