db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Francois Orsini" <francois.ors...@gmail.com>
Subject Re: Password encryption in 10.3 by default?
Date Wed, 22 Aug 2007 08:44:39 GMT
That's correct. By the way, you can also configure the Derby server to only
accept connections issued with a particular securityMechanism.
See 'derby.drda.securityMechanism' network server property in
http://db.apache.org/derby/docs/dev/adminguide/adminguide-single.html#tadminconfigsettingnetwrokserverproperties

On 8/21/07, Knut Anders Hatlen <Knut.Hatlen@sun.com> wrote:
>
> David Van Couvering <david@vancouvering.com> writes:
>
> > Hi, all.  Someone asked me if things have changed around password
> > encryption in 10.3 - is there some form of encryption by default, or
> > is the default still to send the password in the clear?  I scanned the
> > "what's new" section of the release page but couldn't find anything
> > definitive...
>
> Hi David,
>
> It is my understanding that you still need to add the securityMechanism
> attribute to the connection URL in order to get password encryption.
>
> http://db.apache.org/derby/docs/dev/ref/rrefattribsecmech.html:
>
>   Clear Text Password security is the default if you do not specify the
>   securityMechanism attribute and you specify both the user=userName and
>   password=userPassword attributes.
>
> --
> Knut Anders
>

Mime
View raw message