Posted to dev@commons.apache.org by bu...@apache.org on 2006/02/10 08:45:03 UTC

DO NOT REPLY [Bug 38603] New: - add a socketFactory attribute to BasicDataSource (to allow SSL "thread"-safe)

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG-RELATED
COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38603>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38603

           Summary: add a socketFactory attribute to BasicDataSource (to
                    allow SSL "thread"-safe)
           Product: Commons
           Version: unspecified
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Dbcp
        AssignedTo: commons-dev@jakarta.apache.org
        ReportedBy: hauser@acm.org


An app that accesses 2 datasources at two different places with different
security policies via SSL (different set of permitted ciphers) currently is out
of luck (http://lists.mysql.com/java/8689).

The basic datasource should be enhanced with 
 
  String socketFactory = "";

and the corresponding getter and setter method, etc.

org.apache.commons.dbcp.DriverConnectionFactory.createConnection() could then
hand over this full className via its Properties argument to enable different
SSL policies per datasource (so, since the application programmer doesn't have
the thread under her control, I guess it should rather be called "dataSource-safe").

The JDBC driver implementation can then use this to take the appropriate socket
factory when creating a connection.

See also http://lists.mysql.com/java/8695

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
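
The per-datasource selection requested in the report above, as an added example (not DBCP or Connector/J code). It uses only the JDK; the class names, the openFor() driver stand-in and the cipher lists are hypothetical, and the "socketFactory" key follows the attribute name proposed in the report.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

public class PerDataSourceSocketFactoryDemo {
    /** Hypothetical policy-carrying factory: each subclass pins its own cipher list. */
    public abstract static class PolicySocketFactory {
        protected abstract List<String> permittedCiphers();

        public SSLSocket createSocket() throws Exception {
            SSLSocket s = (SSLSocket) SSLContext.getDefault().getSocketFactory().createSocket();
            // Enable only suites that are in the policy and supported by this JVM.
            String[] enabled = Arrays.stream(s.getSupportedCipherSuites())
                    .filter(permittedCiphers()::contains).toArray(String[]::new);
            if (enabled.length == 0) { // fail closed rather than fall back to JVM defaults
                s.close();
                throw new IllegalStateException("no permitted cipher suite available");
            }
            s.setEnabledCipherSuites(enabled);
            return s;
        }
    }

    public static class SiteAFactory extends PolicySocketFactory { // constructed policy A
        protected List<String> permittedCiphers() { return Arrays.asList("TLS_AES_256_GCM_SHA384"); }
    }
    public static class SiteBFactory extends PolicySocketFactory { // constructed policy B
        protected List<String> permittedCiphers() {
            return Arrays.asList("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_AES_128_GCM_SHA256"); }
    }

    /** Stand-in for a JDBC driver: picks the factory named in the per-connection Properties. */
    static SSLSocket openFor(Properties info) throws Exception {
        String cls = info.getProperty("socketFactory");
        if (cls == null || cls.isEmpty()) throw new IllegalArgumentException("socketFactory not set");
        Object f = Class.forName(cls).getDeclaredConstructor().newInstance();
        return ((PolicySocketFactory) f).createSocket();
    }

    public static void main(String[] args) throws Exception {
        for (Class<?> c : new Class<?>[] { SiteAFactory.class, SiteBFactory.class }) {
            Properties info = new Properties(); // what each data source would hand to the driver
            info.setProperty("socketFactory", c.getName());
            try (SSLSocket s = openFor(info)) { // unconnected socket; no network I/O happens
                System.out.println(c.getSimpleName() + " -> " + Arrays.toString(s.getEnabledCipherSuites()));
            }
        }
    }
}
```

Because the policy travels in each connection's Properties rather than in JVM-wide settings, both data sources can coexist in one process regardless of which pool thread opens the socket.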


DO NOT REPLY [Bug 38603] - [DBCP] add a socketFactory attribute to BasicDataSource (to allow SSL "thread"-safe)

Posted by bu...@apache.org.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38603





------- Additional Comments From hauser@acm.org  2006-02-11 09:48 -------
See also Bug 38614 for other attributes.

To really get it safe, it is probably not sufficient to only control the
ciphers, but it should be possible to
- enforce client cert auth (not only have it optional - e.g. MySQL can do that
in http://dev.mysql.com/doc/refman/5.0/en/grant.html with REQUIRE X509)
- to have a db port that only accepts encrypted connections to prevent
inadvertent password disclosure (http://bugs.mysql.com/bug.php?id=17319)
- prevent password guessing (e.g. http://bugs.mysql.com/bug.php?id=17318)

See also a formal RFE for this for Connector/J in
http://bugs.mysql.com/bug.php?id=17320



DO NOT REPLY [Bug 38603] - [DBCP] add a socketFactory attribute to BasicDataSource (to allow SSL "thread"-safe)

Posted by bu...@apache.org.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38603


mvdb@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|add a socketFactory         |[DBCP] add a socketFactory
                   |attribute to BasicDataSource|attribute to BasicDataSource
                   |(to allow SSL "thread"-safe)|(to allow SSL "thread"-safe)



