db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bernt M. Johnsen" <Bernt.John...@Sun.COM>
Subject Re: User/password encryption and deployment
Date Sat, 16 Jun 2007 08:19:01 GMT
>>>>>>>>>>>> Michael Segel wrote (2007-06-16 00:23:56):
> Which is why I'm a little suspect that the *only* way to do encryption on
> the wire is to be forced to bring in IBM's JCE.

You don't need the IBM JCE. Sun's JDK comes with and JCE which works
just fine. The docs tries to tell you that if you use an old IBM
environment, you need to install IBMS JCE searately.

There is, however small issue, if you choose
ENCRYPTED_USER_AND_PASSWORD_SECURITY, newer Sun JCE's (from 1.4, I
think) does not support the shared DHS value defined in the DRDA
protocol. It's too weak. As an alternative solution for passsword
protection, Francois implemented STRONG_PASSWORD_SUBSTITUTE_SECURITY.
-- 
Bernt Marius Johnsen, Database Technology Group, 
Staff Engineer, Technical Lead Derby/Java DB
Sun Microsystems, Trondheim, Norway

Mime
View raw message