db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5651) Protocol error when connecting to db with NATIVE authentication using strong password substitution
Date Thu, 15 Mar 2012 16:31:43 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13230278#comment-13230278
] 

Rick Hillegas commented on DERBY-5651:
--------------------------------------

Thanks, Knut. If we made this change, what would a client application see when it tried to
connect with good credentials and securityMechanism=8 to a 10.9 server that uses BUILTIN authentication
with substitutable passwords (declared on the VM boot command line or declared in derby.properties
or stored in the database using the 10.5 hashing scheme)?

1) The connection attempt would be rejected with an error message saying that the securityMechanism
is no longer supported.

or

2) The connection attempt would succeed but there would be a warning attached to the returned
Connection. The warning would note that the securityMechanism wasn't honored.

Thanks,
-Rick
                
> Protocol error when connecting to db with NATIVE authentication using strong password
substitution
> --------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-5651
>                 URL: https://issues.apache.org/jira/browse/DERBY-5651
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server, Services
>    Affects Versions: 10.9.0.0
>            Reporter: Knut Anders Hatlen
>
> If you connect to a db with native authentication using strong password substitution
to protect the password, you'll get a protocol error:
> ij(CONNECTION2)> connect 'jdbc:derby://localhost/db;user=app;password=papp;securityMechanism=8';
> ERROR 08006: A network protocol error was encountered and the connection has been terminated:
A PROTOCOL Data Stream Syntax Error was detected.  Reason: 0x18. Plaintext connection attempt
to an SSL enabled server?
> I don't think strong password substitution is intended to work with NATIVE, but it should
probably fail more gracefully. With BUILTIN, you'll get a more helpful error message:
> ij(CONNECTION5)> connect 'jdbc:derby://localhost/db2;user=app;password=papp;securityMechanism=8';
> ERROR 08004: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08004, SQLERRMC: Connection authentication
failure occurred. Either the supplied credentials were invalid, or the database uses a password
encryption scheme not compatible with the strong password substitution security mechanism.
If this error started after upgrade, refer to the release note for DERBY-4483 for options.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message