db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Knut Anders Hatlen (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5651) Protocol error when connecting to db with NATIVE authentication using strong password substitution
Date Thu, 15 Mar 2012 13:01:38 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13230141#comment-13230141

Knut Anders Hatlen commented on DERBY-5651:

> If I understand password substitution correctly, it can only be used when the server
knows the cleartext password.

That's right. At least that's how it's supposed to be. Derby's implementation of password
substitution actually also works when it doesn't know the password, as long as derby.authentication.builtin.algorithm
is null, because it takes a shortcut and effectively makes the stored hashed password the
password. In addition to the weakness of the hash algorithm used when that property is null,
this also makes it possible for authenticated users to call syscs_get_database_property()
to get the hashed passwords for other users, and use a slightly modified client driver to
trick the server into thinking it knows the other users' passwords.

> Are you suggesting that we simply remove the substitution logic and raise a warning if
securityMechanism=8 is specified?

Yes. I think this mechanism only provides a false sense of security.

> I think that the backward compatibility issues with that change would be minor and acceptable.

That's particularly true after we made derby.authentication.builtin.algorithm default to a
non-null value in 10.6 and later, so databases created with one of these later releases wouldn't
allow the use of securityMechanism=8 in the first place. So only those with a clear-text user
database, or those upgrading from 10.5 and earlier, should be affected.
> Protocol error when connecting to db with NATIVE authentication using strong password
> --------------------------------------------------------------------------------------------------
>                 Key: DERBY-5651
>                 URL: https://issues.apache.org/jira/browse/DERBY-5651
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server, Services
>    Affects Versions:
>            Reporter: Knut Anders Hatlen
> If you connect to a db with native authentication using strong password substitution
to protect the password, you'll get a protocol error:
> ij(CONNECTION2)> connect 'jdbc:derby://localhost/db;user=app;password=papp;securityMechanism=8';
> ERROR 08006: A network protocol error was encountered and the connection has been terminated:
A PROTOCOL Data Stream Syntax Error was detected.  Reason: 0x18. Plaintext connection attempt
to an SSL enabled server?
> I don't think strong password substitution is intended to work with NATIVE, but it should
probably fail more gracefully. With BUILTIN, you'll get a more helpful error message:
> ij(CONNECTION5)> connect 'jdbc:derby://localhost/db2;user=app;password=papp;securityMechanism=8';
> ERROR 08004: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08004, SQLERRMC: Connection authentication
failure occurred. Either the supplied credentials were invalid, or the database uses a password
encryption scheme not compatible with the strong password substitution security mechanism.
If this error started after upgrade, refer to the release note for DERBY-4483 for options.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message