Posted to derby-commits@db.apache.org by ch...@apache.org on 2014/02/21 20:35:07 UTC

svn commit: r1570678 - in /db/derby/docs/trunk/src: devguide/ ref/

Author: chaase3
Date: Fri Feb 21 19:35:06 2014
New Revision: 1570678

URL: http://svn.apache.org/r1570678
Log:
DERBY-6234  Remove references to BUILTIN authentication from the user guides

Removed 1 Reference Manual topic, modified 5 more and the map file. Removed 3 Developer's Guide topics, modified 7 more and the map file.

Patch: DERBY-6234-2.diff

Removed:
    db/derby/docs/trunk/src/devguide/cdevcsecure21547.dita
    db/derby/docs/trunk/src/devguide/cdevcsecure864642.dita
    db/derby/docs/trunk/src/devguide/cdevcsecure864692.dita
    db/derby/docs/trunk/src/ref/rrefpropercachedn.dita
Modified:
    db/derby/docs/trunk/src/devguide/cdevcsecure37817.dita
    db/derby/docs/trunk/src/devguide/cdevcsecure42374.dita
    db/derby/docs/trunk/src/devguide/cdevcsecure865818.dita
    db/derby/docs/trunk/src/devguide/cdevcsecure865880.dita
    db/derby/docs/trunk/src/devguide/cdevsetprop824451.dita
    db/derby/docs/trunk/src/devguide/derbydev.ditamap
    db/derby/docs/trunk/src/devguide/rdevcsecure557.dita
    db/derby/docs/trunk/src/devguide/tdevdvlp40464.dita
    db/derby/docs/trunk/src/ref/refderby.ditamap
    db/derby/docs/trunk/src/ref/rrefproper13766.dita
    db/derby/docs/trunk/src/ref/rrefproper27355.dita
    db/derby/docs/trunk/src/ref/rrefproperbuiltinalgorithm.dita
    db/derby/docs/trunk/src/ref/rrefproperiterations.dita
    db/derby/docs/trunk/src/ref/rrefpropersaltlength.dita

Modified: db/derby/docs/trunk/src/devguide/cdevcsecure37817.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure37817.dita?rev=1570678&r1=1570677&r2=1570678&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecure37817.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecure37817.dita Fri Feb 21 19:35:06 2014
@@ -41,7 +41,6 @@ database only.</p>
 <xref href="cdevcsecure41285.dita#cdevcsecure41285"></xref>.
 </li>
 <li><xref href="cdevcsecure21561.dita#cdevcsecure21561"></xref></li>
-<li><xref href="cdevcsecure21547.dita#cdevcsecure21547"></xref></li>
 </ul>
 <note>Shutting down the <ph conref="../conrefs.dita#prod/productshortname"></ph> system
 (for example, using the <i>shutdown=true</i> form of the connection URL without

Modified: db/derby/docs/trunk/src/devguide/cdevcsecure42374.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure42374.dita?rev=1570678&r1=1570677&r2=1570678&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecure42374.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecure42374.dita Fri Feb 21 19:35:06 2014
@@ -52,16 +52,7 @@ details.</li>
 <li>You can hook <ph conref="../conrefs.dita#prod/productshortname"></ph> up to
 an external directory service elsewhere in your enterprise.</li>
 <li>You can create your own directory service.</li>
-<li>You can use <ph conref="../conrefs.dita#prod/productshortname"></ph>'s
-simple BUILTIN mechanism for creating a repository of users.
-</li></ul>
-<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
-BUILTIN authentication mechanism is suitable only for development and testing
-purposes, and it will no longer be documented in future releases. It is strongly
-recommended that production systems rely on NATIVE authentication, an
-external directory service such as LDAP, or a user-defined class for
-authentication. It is also strongly recommended that production systems protect
-network connections with SSL/TLS.</note>
+</ul>
 <p>You can define a repository of users for a particular database or for an
 entire system, depending on whether you use system-wide or database-wide
 properties.</p>
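
Review bot: The removed important note in this hunk also carried the sentence recommending that production systems protect network connections with SSL/TLS, which is not specific to BUILTIN and is lost with the deletion. Consider keeping a shortened note with that one sentence, or confirm that the recommendation still appears elsewhere in the Developer's Guide, since the same note is deleted from several other topics in this patch.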

Modified: db/derby/docs/trunk/src/devguide/cdevcsecure865818.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure865818.dita?rev=1570678&r1=1570677&r2=1570678&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecure865818.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecure865818.dita Fri Feb 21 19:35:06 2014
@@ -29,8 +29,6 @@ to the database.</shortdesc>
 </keywords>
 </metadata></prolog>
 <conbody>
-<p>If you use SQL authorization (the default with NATIVE authentication), you
-typically do not use this property.</p>
 <p>The valid settings for the <codeph>derby.database.defaultConnectionMode</codeph> property
 are:<ul>
 <li><varname>noAccess</varname></li>
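
Review bot: The two removed lines ("If you use SQL authorization (the default with NATIVE authentication), you typically do not use this property.") do not mention BUILTIN, so this deletion falls outside what the log message describes. If the guidance is still accurate for NATIVE users it should stay; if it is not, the log message should say why it was dropped. The matching sentence is removed from cdevcsecure865880.dita in the next file of this patch, and the same question applies there.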

Modified: db/derby/docs/trunk/src/devguide/cdevcsecure865880.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure865880.dita?rev=1570678&r1=1570677&r2=1570678&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecure865880.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecure865880.dita Fri Feb 21 19:35:06 2014
@@ -31,8 +31,6 @@ database.</shortdesc>
 </keywords>
 </metadata></prolog>
 <conbody>
-<p>If you use SQL authorization (the default with NATIVE authentication), you
-typically do not use these properties.</p>
 <p>You can specify multiple user IDs by using a comma-separated list, with
 no spaces between the comma and the next user ID.</p>
 <p>To set the user authorizations for individual users, specify the access

Modified: db/derby/docs/trunk/src/devguide/cdevsetprop824451.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevsetprop824451.dita?rev=1570678&r1=1570677&r2=1570678&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevsetprop824451.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevsetprop824451.dita Fri Feb 21 19:35:06 2014
@@ -47,17 +47,6 @@ in the system unless it is set individua
 properties affects only conglomerates that are created after the change.
 Conglomerates created earlier are unaffected.</p>
 <p><note>Database-wide properties are stored in the database and are simpler for
-deployment, in the sense that they follow the database. Database-wide properties
-are also recommended for security reasons when you use
-<ph conref="../conrefs.dita#prod/productshortname"></ph> BUILTIN user
-authentication (see <xref href="cdevcsecuree.dita#cdevcsecuree"></xref>).
-System-wide properties can be more practical during the development
+deployment, in the sense that they follow the database. System-wide properties can be more practical during the development
 process.</note></p>
-<p><note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
-BUILTIN authentication mechanism is suitable only for development and testing
-purposes, and it will no longer be documented in future releases. It is strongly
-recommended that production systems rely on NATIVE authentication, an external
-directory service such as LDAP, or a user-defined class for authentication. It
-is also strongly recommended that production systems protect network connections
-with SSL/TLS.</note></p>
 </conbody></concept>
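
Review bot: The added line beginning "deployment, in the sense that they follow the database. System-wide properties can be more practical ..." is far longer than the wrapped lines around it. Re-wrap it at the same width as the rest of the topic so that later diffs against this paragraph stay readable.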

Modified: db/derby/docs/trunk/src/devguide/derbydev.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/derbydev.ditamap?rev=1570678&r1=1570677&r2=1570678&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/derbydev.ditamap (original)
+++ db/derby/docs/trunk/src/devguide/derbydev.ditamap Fri Feb 21 19:35:06 2014
@@ -1250,16 +1250,6 @@ limitations under the License.
 </relrow>
 <relrow>
 <relcell>
-<topicref href="cdevcsecure864642.dita" navtitle="Database-level properties">
-</topicref>
-</relcell>
-<relcell>
-<topicref href="cdevcsecure864692.dita" navtitle="System-level properties">
-</topicref>
-</relcell>
-</relrow>
-<relrow>
-<relcell>
 <topicref href="rdevcsecure766.dita" navtitle="Programming the application to provide the user and password">
 </topicref>
 </relcell>
@@ -1952,12 +1942,6 @@ with updatable result sets"></topicref>
 </topicref>
 </topicref>
 </topicref>
-<topicref href="cdevcsecure21547.dita" navtitle="Built-in Derby users">
-<topicref href="cdevcsecure864642.dita" navtitle="Database-level properties">
-</topicref>
-<topicref href="cdevcsecure864692.dita" navtitle="System-level properties">
-</topicref>
-</topicref>
 <topicref href="rdevcsecure557.dita" navtitle="List of user-authentication properties">
 </topicref>
 <topicref href="cdevcsecure79358.dita" navtitle="Programming applications for Derby user authentication">

Modified: db/derby/docs/trunk/src/devguide/rdevcsecure557.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevcsecure557.dita?rev=1570678&r1=1570677&r2=1570678&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/rdevcsecure557.dita (original)
+++ db/derby/docs/trunk/src/devguide/rdevcsecure557.dita Fri Feb 21 19:35:06 2014
@@ -52,7 +52,7 @@ list of</indexterm></keywords>
 <row>
 <entry colname="1"><codeph>derby.authentication.builtin.algorithm</codeph></entry>
 <entry colname="2">Specifies the message digest algorithm to use to protect the
-passwords that are stored in the database when using NATIVE or BUILTIN
+passwords that are stored in the database when using NATIVE
 authentication.</entry>
 </row>
 <row>
@@ -95,8 +95,9 @@ the server.</entry>
 </row>
 <row>
 <entry colname="1"><codeph>derby.user.UserName</codeph></entry>
-<entry colname="2">Creates a user name and password for the BUILTIN user
-repository in <ph conref="../conrefs.dita#prod/productshortname"></ph>.</entry>
+<entry colname="2">Caches user DNs locally for LDAP authentication when
+<codeph>derby.authentication.ldap.searchFilter</codeph> is set to
+<codeph>derby.user</codeph>.</entry>
 </row>
 <row>
 <entry colname="1"><codeph>java.naming.*</codeph></entry>
@@ -108,14 +109,5 @@ scope="external">http://docs.oracle.com/
 </tbody>
 </tgroup>
 </table>
-<section>
-<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
-BUILTIN authentication mechanism is suitable only for development and testing
-purposes, and it will no longer be documented in future releases. It is strongly
-recommended that production systems rely on NATIVE authentication, an
-external directory service such as LDAP, or a user-defined class for
-authentication. It is also strongly recommended that production systems protect
-network connections with SSL/TLS.</note>
-</section>
 </refbody>
 </reference>

Modified: db/derby/docs/trunk/src/devguide/tdevdvlp40464.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/tdevdvlp40464.dita?rev=1570678&r1=1570677&r2=1570678&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/tdevdvlp40464.dita (original)
+++ db/derby/docs/trunk/src/devguide/tdevdvlp40464.dita Fri Feb 21 19:35:06 2014
@@ -42,13 +42,6 @@ deregister the embedded driver in order 
 specify credentials (that is, username and password) in order to shut down a
 <ph conref="../conrefs.dita#prod/productshortname"></ph> system, and the
 supplied username and password must also be defined at the system level.</p>
-<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
-BUILTIN authentication mechanism is suitable only for development and testing
-purposes, and it will no longer be documented in future releases. It is strongly
-recommended that production systems rely on NATIVE authentication, an
-external directory service such as LDAP, or a user-defined class for
-authentication. It is also strongly recommended that production systems protect
-network connections with SSL/TLS.</note>
 <p>You can also shut down
 an individual database if you specify the <i>databaseName</i>. You can shut
 down the database of the current connection if you specify the default connection
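
Review bot: The unchanged sentence just above the removed note still says the supplied username and password "must also be defined at the system level", yet this patch removes the "System-level properties" topic (cdevcsecure864692.dita) from the Developer's Guide map. Add a sentence or an xref here that says how system-level credentials are defined under the authentication mechanisms that remain documented, otherwise the requirement has nothing to point at.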

Modified: db/derby/docs/trunk/src/ref/refderby.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/refderby.ditamap?rev=1570678&r1=1570677&r2=1570678&view=diff
==============================================================================
--- db/derby/docs/trunk/src/ref/refderby.ditamap (original)
+++ db/derby/docs/trunk/src/ref/refderby.ditamap Fri Feb 21 19:35:06 2014
@@ -1310,9 +1310,7 @@ URL syntax"></topicref>
 <topicref href="rrefproperdurability.dita" navtitle="derby.system.durability">
 </topicref>
 <topicref href="rrefproper32066.dita" navtitle="derby.system.home"></topicref>
-<topicref href="rrefproper27355.dita" navtitle="derby.user.UserName">
-<topicref href="rrefpropercachedn.dita" navtitle="Caching user DNs"></topicref>
-</topicref>
+<topicref href="rrefproper27355.dita" navtitle="derby.user.UserName"></topicref>
 <topicref href="rrefproperdatadictversion.dita" navtitle="DataDictionaryVersion"></topicref>
 </topicref>
 </topicref>

Modified: db/derby/docs/trunk/src/ref/rrefproper13766.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefproper13766.dita?rev=1570678&r1=1570677&r2=1570678&view=diff
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefproper13766.dita (original)
+++ db/derby/docs/trunk/src/ref/rrefproper13766.dita Fri Feb 21 19:35:06 2014
@@ -53,15 +53,6 @@ procedure.</p>
 <li>LDAP   <p>An external LDAP directory service.</p></li>
 <li>A complete Java class name   <p>A user-defined class that provides user
 authentication.</p></li>
-<li>BUILTIN   <p><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
-simple internal user authentication repository.</p>
-<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
-BUILTIN authentication mechanism is suitable only for development and testing
-purposes, and it will no longer be documented in future releases. It is
-strongly recommended that production systems rely on NATIVE authentication, an
-external directory service such as LDAP, or a user-defined class for
-authentication. It is also strongly recommended that production systems protect
-network connections with SSL/TLS.</note></li>
 </ul>
 <p>For more information about these settings, see "Using NATIVE
 authentication" and "External directory service" in the
@@ -120,7 +111,6 @@ naming service providers to JNDI.</p>
 <codeblock><b>derby.authentication.provider={ NATIVE:<i>credentialsDB</i> | 
                                 NATIVE:<i>credentialsDB</i>:LOCAL |
                                 LDAP | 
-                                BUILTIN | 
                                 <b><i>classProviderName</i></b> }</b></codeblock>
 </refsyn>
 <section><title>Default</title> <p>No authentication.</p> </section>

Modified: db/derby/docs/trunk/src/ref/rrefproper27355.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefproper27355.dita?rev=1570678&r1=1570677&r2=1570678&view=diff
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefproper27355.dita (original)
+++ db/derby/docs/trunk/src/ref/rrefproper27355.dita Fri Feb 21 19:35:06 2014
@@ -27,68 +27,34 @@ limitations under the License.
 </metadata></prolog>
 <refbody>
 <section><title>Function</title>
-<p>Has two uses:</p>
-<p><ul>
-<li>Creates users and passwords when
-<i><xref href="rrefproper13766.dita#rrefproper13766">derby.authentication.provider</xref></i>
-is set to <i>BUILTIN</i>.</li>
-<li>Caches user DNs locally when <i>derby.authentication.provider</i> is set to
+<p>Caches user DNs locally when <i>derby.authentication.provider</i> is set to
 <i>LDAP</i> and
 <i><xref href="rrefproper37341.dita#rrefproper37341">derby.authentication.ldap.searchFilter</xref></i>
-is set to <i>derby.user</i>.</li>
-</ul></p>
-<p><note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
-BUILTIN authentication mechanism is suitable only for development and testing
-purposes, and it will no longer be documented in future releases. It is strongly
-recommended that production systems rely on NATIVE authentication, an
-external directory service such as LDAP, or a user-defined class for
-authentication. It is also strongly recommended that production systems protect
-network connections with SSL/TLS.</note></p>
+is set to <i>derby.user</i>.</p>
+<p>When you provide a user DN with this property,
+<ph conref="../conrefs.dita#prod/productshortname"></ph> is able to avoid an
+LDAP search for that user's DN before authenticating. For those users without
+DNs defined with this property,
+<ph conref="../conrefs.dita#prod/productshortname"></ph> performs a search using
+the default value of <i>derby.authentication.ldap.searchFilter</i>.</p>
+<p>User names are <xref
+href="crefsqlj34834.dita#crefsqlj34834">SQL92Identifier</xref>s and can be
+delimited.</p>
 </section>
-<section><title>Users and Passwords</title>
-<p>This property creates valid clear-text users and passwords within
-<ph conref="../conrefs.dita#prod/productshortname"></ph> when the
-<i>derby.authentication.provider</i> property is set to <i>BUILTIN</i>. For
-information about users, see "Working with user authentication" in the
-<ph conref="../conrefs.dita#pub/citdevelop"></ph>.</p>
-<ul>
-<li><i>Database-Level Properties</i>   <p>When you create users with
-database-level properties, those users are available to the specified database
-only.</p>
-<p>You set the property once for each user. To delete a user, set that user's
-password to null.</p></li>
-<li><i>System-Level Properties</i>   <p>When you create users with system-level
-properties, those users are available to all databases in the system.</p>
-<p>You set the value of this system-wide property once for each user, so you can
-set it several times. To delete a user, remove that user from the file.</p>
-<p>You can define this property in the usual ways -- typically in the
-<i>derby.properties</i> file.</p></li>
-</ul>
-<p>When a user name and its corresponding password are provided in the
-<i>DriverManager.getConnection</i> call,
-<ph conref="../conrefs.dita#prod/productshortname"></ph> validates them against
-the properties defined for the current system.</p>
-<p>User names are <i>SQL92Identifiers</i> and can be delimited.</p> </section>
 <refsyn><title>Syntax</title>
-<codeblock><b>derby.user.{<i>UserName</i>=<i>Password</i>} | <i>UserName=userDN</i> }</b></codeblock>
+<codeblock><b>derby.user.<i>UserName=userDN</i></b></codeblock>
 <codeblock><b><ph>-- database-level property</ph>
 CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
     'derby.user.<i>UserName</i>',
-    '<i>Password | userDN</i>')</b></codeblock> </refsyn>
+    '<i>userDN</i>')</b></codeblock> </refsyn>
 <section><title>Default</title>
 <p>None.</p> </section>
 <example><title>Example</title>
 <codeblock><b><ph>-- system-level property</ph>
-derby.user.guest=java5w</b></codeblock>
-<codeblock><b>derby.user.sa=<ph conref="../conrefs.dita#prod/productshortname"></ph>3x9
+derby.user.Diana=uid=Diana,ou=People,o=example.com
 
-derby.user."!Amber"=java5w
 <ph>-- database-level property</ph>
 CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
-    'derby.user.sa',
-    '<ph conref="../conrefs.dita#prod/productshortname"></ph>3x9')
-<ph>-- cache a userDN locally, database-level property</ph>
-CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
     'derby.user.richard',
     'uid=richard, ou=People, o=example.com')
 </b></codeblock> </example>
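
Review bot: In the Example block the two DNs are written differently: the added system-level line uses "uid=Diana,ou=People,o=example.com" with no spaces, while the retained database-level call uses 'uid=richard, ou=People, o=example.com' with a space after each comma. Use one form in both examples so readers do not wonder whether the spacing matters. The removed derby.user."!Amber" line was also the only example of a delimited user name, which the new Function text still says is allowed, so a delimited UserName=userDN example would be worth adding.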

Modified: db/derby/docs/trunk/src/ref/rrefproperbuiltinalgorithm.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefproperbuiltinalgorithm.dita?rev=1570678&r1=1570677&r2=1570678&view=diff
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefproperbuiltinalgorithm.dita (original)
+++ db/derby/docs/trunk/src/ref/rrefproperbuiltinalgorithm.dita Fri Feb 21 19:35:06 2014
@@ -27,7 +27,7 @@ limitations under the License.
 <refbody>
 <section><title>Function</title>
 <p>Specifies the message digest algorithm to use to protect the passwords that
-are stored in the database when using NATIVE or BUILTIN authentication. The value is the
+are stored in the database when using NATIVE authentication. The value is the
 name of a message digest algorithm available from one of the Java Cryptography
 Extension (JCE) providers registered in the JVM. Some examples of valid values
 are MD5, SHA-256, and SHA-512.</p>
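
Review bot: With "or BUILTIN" dropped from the changed line, the topic now describes a property that applies only to NATIVE authentication while its name is still derby.authentication.builtin.algorithm (the name appears in the rdevcsecure557.dita and rrefproperiterations.dita hunks of this patch). A short sentence stating that the property name is unchanged and that it governs how NATIVE passwords are stored would keep readers from assuming the property went away with BUILTIN.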

Modified: db/derby/docs/trunk/src/ref/rrefproperiterations.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefproperiterations.dita?rev=1570678&r1=1570677&r2=1570678&view=diff
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefproperiterations.dita (original)
+++ db/derby/docs/trunk/src/ref/rrefproperiterations.dita Fri Feb 21 19:35:06 2014
@@ -30,7 +30,7 @@ by the
 <i><xref href="rrefproperbuiltinalgorithm.dita#rrefproperbuiltinalgorithm">derby.authentication.builtin.algorithm</xref></i>
 property) on the credentials. Iteration slows down attackers by forcing them to
 spend more time calculating hashes.</p>
-<p>This property is in effect only if NATIVE or BUILTIN authentication is
+<p>This property is in effect only if NATIVE authentication is
 specified by the
 <i><xref href="rrefproper13766.dita#rrefproper13766">derby.authentication.provider</xref></i>
 property and if the <i>derby.authentication.builtin.algorithm</i> property has a

Modified: db/derby/docs/trunk/src/ref/rrefpropersaltlength.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefpropersaltlength.dita?rev=1570678&r1=1570677&r2=1570678&view=diff
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefpropersaltlength.dita (original)
+++ db/derby/docs/trunk/src/ref/rrefpropersaltlength.dita Fri Feb 21 19:35:06 2014
@@ -28,7 +28,7 @@ limitations under the License.
 <p>Specifies the number of bytes of random salt that will be added to users'
 credentials before hashing them. Random salt has the effect of making it
 difficult for attackers to decode passwords by constructing rainbow tables.</p>
-<p>This property is in effect only if NATIVE or BUILTIN authentication is
+<p>This property is in effect only if NATIVE authentication is
 specified by the
 <i><xref href="rrefproper13766.dita#rrefproper13766">derby.authentication.provider</xref></i>
 property and if the