You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by bu...@apache.org on 2006/02/10 08:45:03 UTC
DO NOT REPLY [Bug 38603] New: - add a socketFactory attribute to BasicDataSource (to allow SSL "thread"-safe)
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38603>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38603
Summary: add a socketFactory attribute to BasicDataSource (to
allow SSL "thread"-safe)
Product: Commons
Version: unspecified
Platform: Other
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Dbcp
AssignedTo: commons-dev@jakarta.apache.org
ReportedBy: hauser@acm.org
An app that accesses 2 datasources at two different places with different
security policies via SSL (different set of permitted ciphers) currently is out
of luck (http://lists.mysql.com/java/8689).
The basic datasource should be enhanced with
String socketFactory = "";
and the corresponding getter and setter method, etc.
org.apache.commons.dbcp.DriverConnectionFactory.createConnection() could then
hand-over this full className via its Properties argument to enable different
SSL policies per datasource (so, since the application programmer doesn't have
the thread under her control, I guess it should rather be called "dataSource-safe").
The jdbc driver implementation can then use this to take the appropriate socket
factory when creating a connection.
See also http://lists.mysql.com/java/8695
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
DO NOT REPLY [Bug 38603] - [DBCP] add a socketFactory attribute to BasicDataSource (to allow SSL "thread"-safe)
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38603>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38603
------- Additional Comments From hauser@acm.org 2006-02-11 09:48 -------
see also Bug 38614 for other attributes.
To really get it safe, it is probably not sufficient to only control the
ciphers, but it should be possible to
- enforce client cert auth (not only have it optional - e.g. mysql can do that
in http://dev.mysql.com/doc/refman/5.0/en/grant.html with REQUIRE X509)
- to have a db port that only accepts encrypted connections to prevent
inadvertent password disclosure (http://bugs.mysql.com/bug.php?id=17319)
- prevent password guessing (e.g. http://bugs.mysql.com/bug.php?id=17318)
see also a formal RFE for this for connector/J in
http://bugs.mysql.com/bug.php?id=17320
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
DO NOT REPLY [Bug 38603] - [DBCP] add a socketFactory attribute to BasicDataSource (to allow SSL "thread"-safe)
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38603>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38603
mvdb@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|add a socketFactory |[DBCP] add a socketFactory
|attribute to BasicDataSource|attribute to BasicDataSource
|(to allow SSL "thread"-safe)|(to allow SSL "thread"-safe)
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org