Hi, Andrew. This is helpful, thanks. But my attempts to find out how
to "use" SSL/TLS is not clear. Is there a way to use this over any
old TCP socket connection? The closest thing I can find is STARTTLS,
which is what Bill was referring to, but this appears to require
cooperation within the network code. A regular old user of Derby
doesn't seem to have the power to make a connection happen over SSL
S when you say "SSL is the recommended alternative," exactly what do
you mean? How would you tell a user to *do* this?
Thanks,
David
On 6/16/07, Andrew McIntyre <mcintyre.a@gmail.com> wrote:
> On 6/15/07, Bill Shannon <bill.shannon@sun.com> wrote:
> >
> > I think the idea is to protect the communication between the client
> > and the server so that passwords aren't sent in the clear. None of
> > the data being stored in the database is being encrypted, just the
> > client/server communication.
> >
> > It *is* 2007. Isn't this pretty much standard by now?
>
> See the discussion in http://issues.apache.org/jira/browse/DERBY-65
>
> SSL is the recommended alternative to using the secure password
> protocol defined by the DRDA specification. Bernt Johnsen worked on
> this for 10.3, due out shortly, and it appears to be complete:
>
> https://issues.apache.org/jira/browse/DERBY-2108
>
> andrew
>
|