db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bernt M. Johnsen (JIRA)" <j...@apache.org>
Subject [jira] Issue Comment Edited: (DERBY-2837) Update docs on STRONG_PASSWORD_SUBSTITUTE_SECURITY/ENCRYPTED_USER_AND_PASSWORD_SECURITY and JCE support
Date Wed, 04 Jul 2007 12:10:05 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12510157
] 

Bernt M. Johnsen edited comment on DERBY-2837 at 7/4/07 5:09 AM:
-----------------------------------------------------------------

Both + and - lines on a "new"  file happens because I both renamed and modified a file. Patch
(or at least the version of patch I use, 2.5.4) does not handle that. I assume that svn commit
will handle it correctly.


 was:
Both + and - lines on one file comes from the fact that I both renamed and modified a file.
patch (or at least the version of patch I use, 2.5.4) does not handle that. I assume that
svn commit will handle it correctly.

> Update docs on STRONG_PASSWORD_SUBSTITUTE_SECURITY/ENCRYPTED_USER_AND_PASSWORD_SECURITY
and JCE support
> -------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2837
>                 URL: https://issues.apache.org/jira/browse/DERBY-2837
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.3.1.0
>            Reporter: Bernt M. Johnsen
>            Assignee: Bernt M. Johnsen
>             Fix For: 10.3.1.1, 10.4.0.0
>
>         Attachments: DERBY-2837.diff, DERBY-2837.stat, DERBY-2837.zip
>
>
> Bernt M. Johnsen wrote:
> >>>>>>>>>>>>>Michael Segel wrote (2007-06-16 00:23:56):
> >>Which is why I'm a little suspect that the *only* way to do encryption on
> >>the wire is to be forced to bring in IBM's JCE.
> >
> >You don't need the IBM JCE. Sun's JDK comes with and JCE which works
> >just fine. The docs tries to tell you that if you use an old IBM
> >environment, you need to install IBMS JCE searately.
> That section (installing an IBM JCE) should be removed from the
> documentation for 10.3 onwards since JDK 1.4 is the lowest supported JVM
> level.
> >
> >There is, however small issue, if you choose
> >ENCRYPTED_USER_AND_PASSWORD_SECURITY, newer Sun JCE's (from 1.4, I
> >think) does not support the shared DHS value defined in the DRDA
> >protocol. It's too weak. As an alternative solution for passsword
> >protection, Francois implemented STRONG_PASSWORD_SUBSTITUTE_SECURITY.
> This information would be great to add to the docs. Restating the
> requirements in terms of a JCE that supports "the shared DHS value
> defined in the DRDA protocol" (whatever the correct JCE term for that
> is) and not specifically the IBM JCE. The documentation then should
> state that this is not supported by some JCEs due to its weakness and an
> alternative is to use STRONG_PASSWORD_SUBSTITUTE_SECURITY (and/or SSL?).
> Dan.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message