db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Knut Anders Hatlen (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-4483) Provide a way to change the hash algorithm used by BUILTIN authentication
Date Wed, 24 Mar 2010 13:16:27 GMT

     [ https://issues.apache.org/jira/browse/DERBY-4483?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Knut Anders Hatlen updated DERBY-4483:
--------------------------------------

    Attachment: errormsg.diff

Thanks for the suggestions about the error message. That sounds like a good idea. The attached
patch (errormsg.diff) makes BasicAuthenticationServiceImpl.authenticateUser() raise an exception
with a custom error message if strong password substitution is enabled. Now it will look this
on the client:

ERROR 08004: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08004, SQLERRMC: Connection authentication
failure occurred. Either the supplied credentials were invalid, or the database uses a password
encryption scheme which is not compatible with the strong password substitution security mechanism.
If this error started after upgrade, refer to the release note for DERBY-4483 for options.

I think this patch could go in independently of the patch that changes the default, if the
wording in the new message sounds OK.

> Provide a way to change the hash algorithm used by BUILTIN authentication
> -------------------------------------------------------------------------
>
>                 Key: DERBY-4483
>                 URL: https://issues.apache.org/jira/browse/DERBY-4483
>             Project: Derby
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 10.5.3.0
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>            Priority: Minor
>             Fix For: 10.6.0.0
>
>         Attachments: comments.diff, derby-4483-1a.diff, derby-4483-1a.stat, derby-4483-2a.diff,
derby-4483-2a.stat, errormsg.diff, experiment.diff, releaseNote.html, toHexByte.diff, upgrade-test.diff
>
>
> The BUILTIN authentication scheme protects the passwords by hashing them with the SHA-1
algorithm. It would be nice to have way to specify a different algorithm so that users can
take advantage of new, stronger algorithms provided by their JCE provider if so desired.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message