From: "David Van Couvering"
To: "Derby Discussion"
Subject: Re: User/password encryption and deployment
Date: Sun, 17 Jun 2007 18:07:59 -0700

Hi, Andrew. This is helpful, thanks. But my attempts to find out how to "use" SSL/TLS is not clear. Is there a way to use this over any old TCP socket connection? The closest thing I can find is STARTTLS, which is what Bill was referring to, but this appears to require cooperation within the network code. A regular old user of Derby doesn't seem to have the power to make a connection happen over SSL.

So when you say "SSL is the recommended alternative," exactly what do you mean? How would you tell a user to *do* this?

Thanks,

David

On 6/16/07, Andrew McIntyre wrote:
> On 6/15/07, Bill Shannon wrote:
> >
> > I think the idea is to protect the communication between the client
> > and the server so that passwords aren't sent in the clear. None of
> > the data being stored in the database is being encrypted, just the
> > client/server communication.
> >
> > It *is* 2007. Isn't this pretty much standard by now?
>
> See the discussion in http://issues.apache.org/jira/browse/DERBY-65
>
> SSL is the recommended alternative to using the secure password
> protocol defined by the DRDA specification. Bernt Johnsen worked on
> this for 10.3, due out shortly, and it appears to be complete:
>
> https://issues.apache.org/jira/browse/DERBY-2108
>
> andrew