db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Knut Anders Hatlen (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (DERBY-4468) Security weaknesses
Date Tue, 08 Jun 2010 13:55:10 GMT

     [ https://issues.apache.org/jira/browse/DERBY-4468?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Knut Anders Hatlen resolved DERBY-4468.

    Fix Version/s:
       Resolution: Fixed

The vulnerable mechanism was deprecated in Derby 10.6 (a new mechanism was implemented in
DERBY-4483 and replaced the vulnerable one as the default), so I'm marking this issue as fixed.
Thanks for reporting the issue, Marcell!

See DERBY-4483 and Marcell's writeup describing the problem at http://marcellmajor.com/derbyhash.html
for details.

> Security weaknesses
> -------------------
>                 Key: DERBY-4468
>                 URL: https://issues.apache.org/jira/browse/DERBY-4468
>             Project: Derby
>          Issue Type: Bug
>         Environment: All platform.
>            Reporter: Marcell Major
>             Fix For:
>   Original Estimate: 24h
>  Remaining Estimate: 24h
> There are security weaknesses in Derby password handling. I want to share the details
with Derby developers but I cannot find the suitable confidential forum/mail address for that.
Please give me an email address to send it to the correct mailbox...

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message