Return-Path: Delivered-To: apmail-db-derby-user-archive@www.apache.org Received: (qmail 47734 invoked from network); 15 Jun 2007 22:21:52 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 15 Jun 2007 22:21:52 -0000 Received: (qmail 37918 invoked by uid 500); 15 Jun 2007 22:21:53 -0000 Delivered-To: apmail-db-derby-user-archive@db.apache.org Received: (qmail 37894 invoked by uid 500); 15 Jun 2007 22:21:53 -0000 Mailing-List: contact derby-user-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Reply-To: "Derby Discussion" Delivered-To: mailing list derby-user@db.apache.org Received: (qmail 37883 invoked by uid 99); 15 Jun 2007 22:21:53 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 15 Jun 2007 15:21:53 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of david.vancouvering@gmail.com designates 209.85.146.179 as permitted sender) Received: from [209.85.146.179] (HELO wa-out-1112.google.com) (209.85.146.179) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 15 Jun 2007 15:21:49 -0700 Received: by wa-out-1112.google.com with SMTP id k40so1447244wah for ; Fri, 15 Jun 2007 15:21:29 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=TTNnCwlY+vbpYIu9BUVNbJ05jKLqL+HXkF1YNGjFKsssGIaB0WS2ewiQHSRqEPRsnoNm4mHwGnEIR8U2xcW+C+P7oADne7eYE8MUmehnIdxmVxN6Yx6c+KkoItLVVNCMHgw02QLjfAeT9AMXR8z7JHJXJDZ23Ie0hdo9xRoTGfI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=lSu0WZJrKSJGWilsVTO7Pm7oElZ9dTXimFb3P6XgtwSDaTNMjq6eqtvdPdrpMhD9ySD5dQzjp8ruxgzm4JWxkf13sw+n9qICyErul+0pT/Vu3/QcwawpzehivJ0N7xmk1M+zeT9CyEm0AsLV/2GRsX8Zvbn2HjNxheEQGvKPN1M= Received: by 10.114.170.1 with SMTP id s1mr3506023wae.1181946088117; Fri, 15 Jun 2007 15:21:28 -0700 (PDT) Received: by 10.114.120.9 with HTTP; Fri, 15 Jun 2007 15:21:28 -0700 (PDT) Message-ID: <56a83cd00706151521n6ac2366cr36edcd9a34585ec7@mail.gmail.com> Date: Fri, 15 Jun 2007 15:21:28 -0700 From: "David Van Couvering" Sender: david.vancouvering@gmail.com To: "Derby Discussion" Subject: Re: securityMechanism for network client - can't make it work In-Reply-To: <20070615214823.GB10821@localhost.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <4672E4A6.2020706@vancouvering.com> <20070615210014.GA10821@localhost.localdomain> <56a83cd00706151417q2dae5e77iebd3f6c2b211e8f8@mail.gmail.com> <20070615214823.GB10821@localhost.localdomain> X-Google-Sender-Auth: 799d8e1eb6342317 X-Virus-Checked: Checked by ClamAV on apache.org Thanks, Bernt, that was it. BTW, "8" is not a very helpful property value. It makes me feel like I'm in a COBOL or Fortran shop. We should add support for mnemonics, rather than just the number. I'll log a bug. Also, nowhere in the docs does it say this is what you need to do. I'll log a bug for that too. David On 6/15/07, Bernt M. Johnsen wrote: > Well the server is new enough, but what about the client. Look here: > > 10.1.3.1 client driver: > > $ java -cp db-derby-10.1.3.1-lib/lib/derbytools.jar:db-derby-13.1-lib/lib/derbyclient.jar org.apache.derby.tools.ij > ij version 10.1 > ij> connect 'jdbc:derby://localhost:1527/travel;create=true;securityMechanism=8'; > ERROR (no SQLState): security mechanism '8' not supported > > > But with 10.2.2.0 client driver: > > $ java -cp db-derby-10.2.2.0-lib/lib/derbytools.jar:db-derby-10.2.2.0-lib/lib/derbyclient.jar org.apache.derby.tools.ij > ij version 10.2 > ij> connect 'jdbc:derby://localhost:1527/travel;create=true;securityMechanism=8'; > ERROR 08001: Password can not be null. > > > The server is 10.2.2.0 in both cases (and the last error message is > correct, you need to specify user and password when security mechanism is > STRONG_PASSWORD_SUBSTITUTE_SECURITY (or 8)). > > > >>>>>>>>>>>> David Van Couvering wrote (2007-06-15 14:17:00): > > Hi, Bernt. > > > > From derby.log: > > > > Apache Derby Network Server - 10.2.2.0 - (485682) started and ready to > > accept connections on port 1527 at 2007-06-15 18:54:04.161 GMT > > > > client URL (from SquirrelSQL): > > > > jdbc:derby://localhost:1527/travel;create=true;securityMechanism=8 > > > > On 6/15/07, Bernt M. Johnsen wrote: > > >Hi, Are you sure you use Derby 10.2.1.6 or newer? The error response > > >seems to indicate an earlier version. > > > > > >Bernt > > > > > > > > >>>>>>>>>>>>> David Van Couvering wrote (2007-06-15 12:12:38): > > >> OK, I'm completely flummoxed. I am trying to use strong password > > >> mechanism instead of password in the clear, in an attempt to try and > > >> write up how to do basic security in Derby. > > >> > > >> I read the docs, and they talk about setting the securityMechanism > > >> property on the URL. But it doesn't actually have an example. I have > > >> tried: > > >> > > >> > > >"jdbc:derby://localhost:1527;securityMechanism=STRONG_PASSWORD_SUBSTITUTE_SECURITY" > > >> java.lang.NumberFormatException: For input string: > > >> "STRONG_PASSWORD_SUBSTITUTE_SECURITY" > > >> at > > >> > > >java.lang.NumberFormatException.forInputString(NumberFormatException.java:48) > > >> at java.lang.Integer.parseInt(Integer.java:456) > > >> at java.lang.Short.parseShort(Short.java:120) > > >> at java.lang.Short.parseShort(Short.java:78) > > >> at org.apache.derby.jdbc.ClientBaseDataSource.parseShort(Unknown > > >> Source) > > >> at > > >> org.apache.derby.jdbc.ClientBaseDataSource.getSecurityMechanism(Unknown > > >> Source) > > >> => NumberFormatException > > >> > > >> "jdbc:derby://localhost:1527;securityMechanism=0x08" > > >> > > >> java.lang.NumberFormatException: For input string: "0x08" > > >> at > > >> > > >java.lang.NumberFormatException.forInputString(NumberFormatException.java:48) > > >> at java.lang.Integer.parseInt(Integer.java:456) > > >> at java.lang.Short.parseShort(Short.java:120) > > >> at java.lang.Short.parseShort(Short.java:78) > > >> at org.apache.derby.jdbc.ClientBaseDataSource.parseShort(Unknown > > >> Source) > > >> at > > >> org.apache.derby.jdbc.ClientBaseDataSource.getSecurityMechanism(Unknown > > >> Source) > > >> "jdbc:derby://localhost:1527;securityMechanism=8" > > >> > > >> => security mechanism '8' not supported > > >> > > >> So, can someone tell me what I'm actually supposed to do here? > > >> > > >> Thanks, > > >> > > >> David > > > > > >-- > > >Bernt Marius Johnsen, Database Technology Group, > > >Staff Engineer, Technical Lead Derby/Java DB > > >Sun Microsystems, Trondheim, Norway > > > > > >-----BEGIN PGP SIGNATURE----- > > >Version: GnuPG v1.4.2.2 (GNU/Linux) > > > > > >iD8DBQFGcv3elFBD9TXBAPARAoDTAJ9f/W/gfzNTB0AfSUPAZ0KspR38bwCgg97s > > >FJaErlONnU6w4H/V+cQorH0= > > >=1uMg > > >-----END PGP SIGNATURE----- > > > > > > > > -- > Bernt Marius Johnsen, Database Technology Group, > Staff Engineer, Technical Lead Derby/Java DB > Sun Microsystems, Trondheim, Norway > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2.2 (GNU/Linux) > > iD8DBQFGcwknlFBD9TXBAPARAmk2AKCCieN/HuuHmKrYH0QDmDAo5hzG7QCfT3so > oJWCqjlQZqiwfeiqW0vkWk0= > =DlPX > -----END PGP SIGNATURE----- > >