db-derby-dev mailing list archives

From "Knut Anders Hatlen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-4483) Provide a way to change the hash algorithm used by BUILTIN authentication
Date Fri, 26 Feb 2010 12:52:28 GMT

    [ https://issues.apache.org/jira/browse/DERBY-4483?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12838850#action_12838850 ]

Knut Anders Hatlen commented on DERBY-4483:
-------------------------------------------

One note about testing:

There are no tests in experiment.diff. There will of course have to be tests in the final
patch. In addition to tests of the basic functionality, there should also be upgrade tests
to verify that it works as expected in full and soft upgrade, as well as that you can move
back to older versions after a soft upgrade. I don't know if the upgrade tests currently support
tests that use authentication. I will have to look at that.

I did however run derbyall and suites.All with the patch and saw no failures (as expected
since the old code path was still used in all tests).

I also ran derbyall and suites.All with a variant of the patch that hard-coded the use of
the new scheme with the SHA-256 algorithm. Only one test failed, NSSecurityMechanismTest.
This was an expected failure because of the incompatibility with the strong password substitution
mechanism mentioned in my previous comment.

> Provide a way to change the hash algorithm used by BUILTIN authentication
> -------------------------------------------------------------------------
>
>                 Key: DERBY-4483
>                 URL: https://issues.apache.org/jira/browse/DERBY-4483
>             Project: Derby
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 10.5.3.0
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>            Priority: Minor
>         Attachments: experiment.diff
>
>
> The BUILTIN authentication scheme protects the passwords by hashing them with the SHA-1
> algorithm. It would be nice to have a way to specify a different algorithm so that users can
> take advantage of new, stronger algorithms provided by their JCE provider if so desired.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

