db-derby-dev mailing list archives

From "Knut Anders Hatlen (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-4483) Provide a way to change the hash algorithm used by BUILTIN authentication
Date Wed, 24 Mar 2010 13:16:27 GMT

     [ https://issues.apache.org/jira/browse/DERBY-4483?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Knut Anders Hatlen updated DERBY-4483:

    Attachment: errormsg.diff

Thanks for the suggestions about the error message. That sounds like a good idea. The attached
patch (errormsg.diff) makes BasicAuthenticationServiceImpl.authenticateUser() raise an exception
with a custom error message if strong password substitution is enabled. Now it will look like
this on the client:

ERROR 08004: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08004, SQLERRMC: Connection authentication
failure occurred. Either the supplied credentials were invalid, or the database uses a password
encryption scheme which is not compatible with the strong password substitution security mechanism.
If this error started after upgrade, refer to the release note for DERBY-4483 for options.

I think this patch could go in independently of the patch that changes the default, if the
wording in the new message sounds OK.

> Provide a way to change the hash algorithm used by BUILTIN authentication
> -------------------------------------------------------------------------
>                 Key: DERBY-4483
>                 URL: https://issues.apache.org/jira/browse/DERBY-4483
>             Project: Derby
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions:
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>            Priority: Minor
>             Fix For:
>         Attachments: comments.diff, derby-4483-1a.diff, derby-4483-1a.stat, derby-4483-2a.diff,
>                      derby-4483-2a.stat, errormsg.diff, experiment.diff, releaseNote.html,
>                      toHexByte.diff, upgrade-test.diff
>
> The BUILTIN authentication scheme protects the passwords by hashing them with the SHA-1
> algorithm. It would be nice to have a way to specify a different algorithm so that users can
> take advantage of new, stronger algorithms provided by their JCE provider if so desired.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
