db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <de...@segel.com>
Subject RE: User/password encryption and deployment
Date Sat, 16 Jun 2007 02:49:12 GMT
Maybe I am missing something but what exactly are you encrypting?

SSL is transmission from client to server over the net. 

Derby is Cloudscape till 2008 when IBM cuts loose.

So are you trying to use an encryption data type?

And how strong of an encryption do you want?



> -----Original Message-----
> From: david.vancouvering@gmail.com [mailto:david.vancouvering@gmail.com]
> On Behalf Of David Van Couvering
> Sent: Friday, June 15, 2007 7:24 PM
> To: Derby Discussion
> Subject: Re: User/password encryption and deployment
> 
> Good questions, Bill.   Yes, I would definitely want something that
> works with Sun JRE.
> 
> I would think Derby over SSL is good enough.  I don't know that
> STARTTLS is, and I don't know how you can configure Derby to work over
> SSL/TLS.  Any pointers?
> 
> Francois worked on this, maybe he can answer.
> 
> Thanks,
> 
> David
> 
> On 6/15/07, Bill Shannon <bill.shannon@sun.com> wrote:
> > David Van Couvering wrote:
> > > Let's say I want to deploy my application client with Java DB to 1000
> > > different client machines.
> > >
> > > If I understand things correctly, if you want to use encrypted
> > > user/password, you have to install the IBM JCE on each of these client
> > > machines and also go in and modify the java.security file in the
> > > lib/security directory of your JRE (see
> > > http://db.apache.org/derby/docs/10.2/adminguide/tadminapps811695.html)
> > >
> > > This doesn't seem reasonable/feasible for large deployments, or am I
> > > missing something?
> > >
> > > Also, the page doesn't tell you where to get the IBM JCE, except "IBM
> > > Developer Kit for the Java Platform 1.4 or later comes with IBM JCE".
> > > Hm.
> >
> > Wouldn't you want to support something that also works with Sun's JRE,
> > without modification of the JRE?
> >
> > Isn't username/password over SSL/TLS good enough?
> >
> > Does the derby network protocol support a "STARTTLS" equivalent command?
> >
> >



Mime
View raw message