db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Van Couvering" <da...@vancouvering.com>
Subject Re: User/password encryption and deployment
Date Mon, 18 Jun 2007 01:07:59 GMT
Hi, Andrew.  This is helpful, thanks.  But my attempts to find out how
to "use" SSL/TLS is not clear.  Is there a way to use this over any
old TCP socket connection?  The closest thing I can find is STARTTLS,
which is what Bill was referring to, but this appears to require
cooperation within the network code.  A regular old user of Derby
doesn't seem to have the power to make a connection happen over SSL

S when you say "SSL is the recommended alternative," exactly what do
you mean?  How would you tell a user to *do* this?

Thanks,

David

On 6/16/07, Andrew McIntyre <mcintyre.a@gmail.com> wrote:
> On 6/15/07, Bill Shannon <bill.shannon@sun.com> wrote:
> >
> > I think the idea is to protect the communication between the client
> > and the server so that passwords aren't sent in the clear.  None of
> > the data being stored in the database is being encrypted, just the
> > client/server communication.
> >
> > It *is* 2007.  Isn't this pretty much standard by now?
>
> See the discussion in http://issues.apache.org/jira/browse/DERBY-65
>
> SSL is the recommended alternative to using the secure password
> protocol defined by the DRDA specification. Bernt Johnsen worked on
> this for 10.3, due out shortly, and it appears to be complete:
>
> https://issues.apache.org/jira/browse/DERBY-2108
>
> andrew
>

Mime
View raw message