db-derby-user mailing list archives

From "Francois Orsini" <francois.ors...@gmail.com>
Subject Re: User/password encryption and deployment
Date Mon, 18 Jun 2007 20:12:08 GMT
Yes, you might want to use STRONG_PASSWORD_SUBSTITUTE_SECURITY (8) since it
does not actually send some encrypted password but a substitute based on
hashing and computation with values (seeds) exchanged with the client and
the server. It works for Sun and IBM JREs. Using SSL is doable in 10.3 but
it is overkill in my opinion if you don't need to encrypt *all* data
exchanged between a client and server. Some applications do not even need to
use SSL (or password encryption, but why not) if they're already on a secure
private network (behind the firewall for instance), by using IPSEC
protocols.

On 6/17/07, David Van Couvering <david@vancouvering.com> wrote:
>
> Oh, I get it now, 10.3 will add support for SSL.  But this will
> encrypt all network traffic.  If you just want to encrypt the
> password, you have to use the existing password encryption
> functionality (either ENCRYPT or STRONG SUBSTITUTION), right?
>
> And for 10.2, there is no SSL support, right?
>
> David
>
> On 6/16/07, Andrew McIntyre <mcintyre.a@gmail.com> wrote:
> > On 6/15/07, Bill Shannon <bill.shannon@sun.com> wrote:
> > >
> > > I think the idea is to protect the communication between the client
> > > and the server so that passwords aren't sent in the clear.  None of
> > > the data being stored in the database is being encrypted, just the
> > > client/server communication.
> > >
> > > It *is* 2007.  Isn't this pretty much standard by now?
> >
> > See the discussion in http://issues.apache.org/jira/browse/DERBY-65
> >
> > SSL is the recommended alternative to using the secure password
> > protocol defined by the DRDA specification. Bernt Johnsen worked on
> > this for 10.3, due out shortly, and it appears to be complete:
> >
> > https://issues.apache.org/jira/browse/DERBY-2108
> >
> > andrew
> >
>
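
The two options weighed in this thread, seen from the client side, as an added example that is not part of the original messages or of the Derby project's own code. The host, port, database name, user name and the DERBY_PASSWORD environment variable are hypothetical, and derbyclient.jar is assumed to be on the classpath with JDBC 4 driver autoloading.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;

public class DerbyPasswordProtection {
    // Hypothetical server location and database name.
    static final String BASE = "jdbc:derby://localhost:1527/sampleDB";

    // securityMechanism=8 (STRONG_PASSWORD_SUBSTITUTE_SECURITY): only a
    // hash-based substitute of the password crosses the wire. Queries and
    // result sets still travel unencrypted.
    static String substituteUrl() {
        return BASE + ";securityMechanism=8";
    }

    // ssl=basic (Derby 10.3 and later): the whole session is encrypted, but
    // the client does not verify the server's certificate in this mode.
    static String sslUrl() {
        return BASE + ";ssl=basic";
    }

    // Credentials go in Properties rather than in the URL so they do not
    // end up in logged or displayed connection strings.
    static Connection open(String url, String user, String password)
            throws SQLException {
        Properties props = new Properties();
        props.setProperty("user", user);
        props.setProperty("password", password);
        return DriverManager.getConnection(url, props);
    }

    public static void main(String[] args) throws SQLException {
        String password = System.getenv("DERBY_PASSWORD"); // hypothetical variable
        if (password == null) {
            throw new IllegalStateException("DERBY_PASSWORD is not set");
        }
        // Pass "ssl" as the first argument to encrypt all traffic instead.
        boolean useSsl = args.length > 0 && args[0].equals("ssl");
        String url = useSsl ? sslUrl() : substituteUrl();
        try (Connection conn = open(url, "app", password)) {
            System.out.println("Connected with " + conn.getMetaData().getURL());
        }
    }
}
```

On the server, the derby.drda.securityMechanism property can be set to STRONG_PASSWORD_SUBSTITUTE_SECURITY so that clients attempting a weaker mechanism are refused.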
