db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Segel" <mse...@segel.com>
Subject RE: User/password encryption and deployment
Date Sat, 16 Jun 2007 05:23:56 GMT


> -----Original Message-----
> From: Bill Shannon [mailto:bill.shannon@sun.com]
> Sent: Saturday, June 16, 2007 12:04 AM
> To: Derby Discussion
> Subject: Re: User/password encryption and deployment
> 
> derby@segel.com wrote:
> > Maybe I am missing something but what exactly are you encrypting?
> >
> > SSL is transmission from client to server over the net.
> >
> > Derby is Cloudscape till 2008 when IBM cuts loose.
> >
> > So are you trying to use an encryption data type?
> >
> > And how strong of an encryption do you want?
> 
> I think the idea is to protect the communication between the client
> and the server so that passwords aren't sent in the clear.  None of
> the data being stored in the database is being encrypted, just the
> client/server communication.
> 
> It *is* 2007.  Isn't this pretty much standard by now?

Uhm well, one would think.

Which is why I'm a little suspect that the *only* way to do encryption on
the wire is to be forced to bring in IBM's JCE.

I'll admit I haven't looked at this issue in depth, just trying to
understand the use case and see if its beyond encrypting the session ...







Mime
View raw message