db-derby-dev mailing list archives

From "Rick Hillegas (Updated) (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DERBY-866) Derby User Management Enhancements
Date Fri, 23 Dec 2011 17:30:32 GMT

     [ https://issues.apache.org/jira/browse/DERBY-866?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick Hillegas updated DERBY-866:
--------------------------------

    Attachment: derby-866-08-aa-passwordHasher.diff

Attaching derby-866-08-aa-passwordHasher.diff.  This patch wires the NATIVE procedures to
the new password hashing scheme which Knut introduced with DERBY-5539. I am running tests
now.

The patch abstracts the post-10.5 password hashing logic into a new class, PasswordHasher.
The logic is now used by the SQL layer as well as the authentication code in the JDBC layer.
So I put PasswordHasher in the lower layer. More specifically, I put PasswordHasher in the
DataDictionary because authentication code was already calling into the DataDictionary in
order to configure password hashing. But other people may have ideas about a better place
to park this code--your thoughts are of course welcome.

Touches the following files:

---------

M       java/storeless/org/apache/derby/impl/storeless/EmptyDictionary.java
M       java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
M       java/engine/org/apache/derby/impl/jdbc/authentication/BasicAuthenticationServiceImpl.java
M       java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java
M       java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java
A       java/engine/org/apache/derby/iapi/sql/dictionary/PasswordHasher.java

Abstracts the password hashing code into a PasswordHasher class which lives in the DataDictionary.


---------


M       java/engine/org/apache/derby/catalog/SystemProcedures.java

Wires the PasswordHasher into syscs_create_user, syscs_modify_password, and syscs_reset_password.

---------

M       java/testing/org/apache/derbyTesting/functionTests/tests/lang/NativeAuthProcs.java

Adds new tests to verify that the NATIVE hashing scheme changes as expected when you tune
the BUILTIN knobs which control password hashing.

                
> Derby User Management Enhancements
> ----------------------------------
>
>                 Key: DERBY-866
>                 URL: https://issues.apache.org/jira/browse/DERBY-866
>             Project: Derby
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 10.2.1.6
>            Reporter: Francois Orsini
>            Assignee: Rick Hillegas
>         Attachments: Derby_User_Enhancement.html, Derby_User_Enhancement_v1.1.html, DummyAuthenticator.java, UserManagement.html, UserManagement.html, UserManagement.html, UserManagement.html, derby-866-01-aa-sysusers.diff, derby-866-01-ab-sysusers.diff, derby-866-02-ag-createDropUser.diff, derby-866-03-aa-resetModifyPassword.diff, derby-866-03-ab-resetModifyPassword.diff, derby-866-04-aa-fixRolesTest.diff, derby-866-05-aa-grantRevoke.diff, derby-866-06-aa-upgradeFrom10.1.diff, derby-866-07-aa-removeSQLPassword.diff, derby-866-08-aa-passwordHasher.diff, dummyCredentials.properties
>
>
> Proposal to enhance Derby's Built-In DDL User Management. (See proposal spec attached to the JIRA).
> Abstract:
> This feature aims at improving the way BUILT-IN users are managed in Derby by providing a more intuitive and familiar DDL interface. Currently (in 10.1.2.1), Built-In users can be defined at the system and/or database level. Users created at the system level can be defined via JVM or/and Derby system properties in the derby.properties file. Built-in users created at the database level are defined via a call to a Derby system procedure (SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY) which sets a database property.
> Defining a user at the system level is very convenient and practical during the development phase (EOD) of an application - However, the user's password is not encrypted and consequently appears in clear in the derby.properties file. Hence, for an application going into production, whether it is embedded or not, it is preferable to create users at the database level where the password is encrypted.
> There is no real ANSI SQL standard for managing users in SQL but by providing a more intuitive and known interface, it will ease Built-In User management at the database level as well as Derby's adoption.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
