db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <de...@segel.com>
Subject RE: User/password encryption and deployment
Date Sat, 16 Jun 2007 05:29:03 GMT
Just to follow up to my own post...
http://db.apache.org/derby/docs/10.2/adminguide/tadminapps811695.html)

Unless my tired eyes deceive me...  (Its 12:30am and its been a long
day...),

This deals with encryption of the database and not encryption between the
client and the database.

> -----Original Message-----
> From: Michael Segel [mailto:msegel@segel.com]
> Sent: Saturday, June 16, 2007 12:24 AM
> To: 'Derby Discussion'
> Subject: RE: User/password encryption and deployment
> 
> 
> 
> > -----Original Message-----
> > From: Bill Shannon [mailto:bill.shannon@sun.com]
> > Sent: Saturday, June 16, 2007 12:04 AM
> > To: Derby Discussion
> > Subject: Re: User/password encryption and deployment
> >
> > derby@segel.com wrote:
> > > Maybe I am missing something but what exactly are you encrypting?
> > >
> > > SSL is transmission from client to server over the net.
> > >
> > > Derby is Cloudscape till 2008 when IBM cuts loose.
> > >
> > > So are you trying to use an encryption data type?
> > >
> > > And how strong of an encryption do you want?
> >
> > I think the idea is to protect the communication between the client
> > and the server so that passwords aren't sent in the clear.  None of
> > the data being stored in the database is being encrypted, just the
> > client/server communication.
> >
> > It *is* 2007.  Isn't this pretty much standard by now?
> 
> Uhm well, one would think.
> 
> Which is why I'm a little suspect that the *only* way to do encryption on
> the wire is to be forced to bring in IBM's JCE.
> 
> I'll admit I haven't looked at this issue in depth, just trying to
> understand the use case and see if its beyond encrypting the session ...
> 
> 
> 
> 
> 




Mime
View raw message