db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Knut Anders Hatlen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-4483) Provide a way to change the hash algorithm used by BUILTIN authentication
Date Wed, 24 Mar 2010 23:37:27 GMT

    [ https://issues.apache.org/jira/browse/DERBY-4483?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12849526#action_12849526
] 

Knut Anders Hatlen commented on DERBY-4483:
-------------------------------------------

Thanks Kim and Bryan.

I'm not sure if the last sentence would have to be removed for the next release. Since users
may skip versions when they upgrade, it may be just as relevant in future releases. But then
there's the problem that we say "refer to the release note" although it won't be mentioned
in the release notes for that future release, so I agree it may be somewhat confusing.

Perhaps we should keep the sentence for now and file a JIRA issue to get it removed from trunk
once the 10.6 branch has been cut? Then all 10.6.X releases will give this hint, hopefully
helping most of those who'll be hit by the issue, while future feature releases won't have
a reference to the release notes for an ancient release. And would it be better to say "refer
to the release notes for Derby 10.6.1" instead of "release note for DERBY-4483"? That may
make it clearer where to look if a user gets this message in a later release.

> Provide a way to change the hash algorithm used by BUILTIN authentication
> -------------------------------------------------------------------------
>
>                 Key: DERBY-4483
>                 URL: https://issues.apache.org/jira/browse/DERBY-4483
>             Project: Derby
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 10.5.3.0
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>            Priority: Minor
>             Fix For: 10.6.0.0
>
>         Attachments: comments.diff, derby-4483-1a.diff, derby-4483-1a.stat, derby-4483-2a.diff,
derby-4483-2a.stat, errormsg.diff, experiment.diff, releaseNote.html, toHexByte.diff, upgrade-test.diff
>
>
> The BUILTIN authentication scheme protects the passwords by hashing them with the SHA-1
algorithm. It would be nice to have way to specify a different algorithm so that users can
take advantage of new, stronger algorithms provided by their JCE provider if so desired.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message