You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Laura Stewart (JIRA)" <ji...@apache.org> on 2007/07/06 04:13:05 UTC

[jira] Reopened: (DERBY-2837) Update docs on STRONG_PASSWORD_SUBSTITUTE_SECURITY/ENCRYPTED_USER_AND_PASSWORD_SECURITY and JCE support

     [ https://issues.apache.org/jira/browse/DERBY-2837?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Laura Stewart reopened DERBY-2837:
----------------------------------


The structure of the fie needs to be updated.
It still contains the reference structure and needs to be converted to a concept.

> Update docs on STRONG_PASSWORD_SUBSTITUTE_SECURITY/ENCRYPTED_USER_AND_PASSWORD_SECURITY and JCE support
> -------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2837
>                 URL: https://issues.apache.org/jira/browse/DERBY-2837
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.3.1.0
>            Reporter: Bernt M. Johnsen
>            Assignee: Bernt M. Johnsen
>             Fix For: 10.3.1.1, 10.4.0.0
>
>         Attachments: DERBY-2837.diff, DERBY-2837.stat, DERBY-2837.zip
>
>
> Bernt M. Johnsen wrote:
> >>>>>>>>>>>>>Michael Segel wrote (2007-06-16 00:23:56):
> >>Which is why I'm a little suspect that the *only* way to do encryption on
> >>the wire is to be forced to bring in IBM's JCE.
> >
> >You don't need the IBM JCE. Sun's JDK comes with and JCE which works
> >just fine. The docs tries to tell you that if you use an old IBM
> >environment, you need to install IBMS JCE searately.
> That section (installing an IBM JCE) should be removed from the
> documentation for 10.3 onwards since JDK 1.4 is the lowest supported JVM
> level.
> >
> >There is, however small issue, if you choose
> >ENCRYPTED_USER_AND_PASSWORD_SECURITY, newer Sun JCE's (from 1.4, I
> >think) does not support the shared DHS value defined in the DRDA
> >protocol. It's too weak. As an alternative solution for passsword
> >protection, Francois implemented STRONG_PASSWORD_SUBSTITUTE_SECURITY.
> This information would be great to add to the docs. Restating the
> requirements in terms of a JCE that supports "the shared DHS value
> defined in the DRDA protocol" (whatever the correct JCE term for that
> is) and not specifically the IBM JCE. The documentation then should
> state that this is not supported by some JCEs due to its weakness and an
> alternative is to use STRONG_PASSWORD_SUBSTITUTE_SECURITY (and/or SSL?).
> Dan.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.