Posted to derby-dev@db.apache.org by "Bernt M. Johnsen (JIRA)" <ji...@apache.org> on 2007/07/04 14:10:05 UTC

[jira] Issue Comment Edited: (DERBY-2837) Update docs on STRONG_PASSWORD_SUBSTITUTE_SECURITY/ENCRYPTED_USER_AND_PASSWORD_SECURITY and JCE support

    [ https://issues.apache.org/jira/browse/DERBY-2837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12510157 ] 

Bernt M. Johnsen edited comment on DERBY-2837 at 7/4/07 5:09 AM:
-----------------------------------------------------------------

Both + and - lines on a "new" file happen because I both renamed and modified a file. Patch (or at least the version of patch I use, 2.5.4) does not handle that. I assume that svn commit will handle it correctly.


 was:
Both + and - lines on one file come from the fact that I both renamed and modified a file. patch (or at least the version of patch I use, 2.5.4) does not handle that. I assume that svn commit will handle it correctly.

> Update docs on STRONG_PASSWORD_SUBSTITUTE_SECURITY/ENCRYPTED_USER_AND_PASSWORD_SECURITY and JCE support
> -------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2837
>                 URL: https://issues.apache.org/jira/browse/DERBY-2837
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.3.1.0
>            Reporter: Bernt M. Johnsen
>            Assignee: Bernt M. Johnsen
>             Fix For: 10.3.1.1, 10.4.0.0
>
>         Attachments: DERBY-2837.diff, DERBY-2837.stat, DERBY-2837.zip
>
>
> Bernt M. Johnsen wrote:
> >>>>>>>>>>>>>Michael Segel wrote (2007-06-16 00:23:56):
> >>Which is why I'm a little suspect that the *only* way to do encryption on
> >>the wire is to be forced to bring in IBM's JCE.
> >
> >You don't need the IBM JCE. Sun's JDK comes with a JCE which works
> >just fine. The docs try to tell you that if you use an old IBM
> >environment, you need to install IBM's JCE separately.
> That section (installing an IBM JCE) should be removed from the
> documentation for 10.3 onwards since JDK 1.4 is the lowest supported JVM
> level.
> >
> >There is, however, a small issue: if you choose
> >ENCRYPTED_USER_AND_PASSWORD_SECURITY, newer Sun JCEs (from 1.4, I
> >think) do not support the shared DHS value defined in the DRDA
> >protocol. It's too weak. As an alternative solution for password
> >protection, Francois implemented STRONG_PASSWORD_SUBSTITUTE_SECURITY.
> This information would be great to add to the docs. Restating the
> requirements in terms of a JCE that supports "the shared DHS value
> defined in the DRDA protocol" (whatever the correct JCE term for that
> is) and not specifically the IBM JCE. The documentation then should
> state that this is not supported by some JCEs due to its weakness and an
> alternative is to use STRONG_PASSWORD_SUBSTITUTE_SECURITY (and/or SSL?).
> Dan.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.