You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by Rick Hillegas <Ri...@Sun.COM> on 2007/12/11 17:25:26 UTC
Can Derby authentication be used securely?
I am trying to figure out how Derby BUILTIN and LDAP authentication can
be used without storing a master password in plaintext. I would
appreciate the community's advice.
1) With BUILTIN authentication, there is no encrypted storage for
server-wide credentials. E.g., the credentials needed to authenticate
and bring down the Derby engine. I think that these credentials must be
supplied in plaintext either in derby.properties or in the script which
starts the server.
2) With LDAP authentication, I think that the master LDAP password
(derby.authentication.ldap.searchAuthPW must be stored in plaintext the
same way.
Am I confused? Is there a recommended workaround for this vulnerability?
Thanks,
-Rick
Re: Can Derby authentication be used securely?
Posted by Daniel John Debrunner <dj...@apache.org>.
Rick Hillegas wrote:
> I am trying to figure out how Derby BUILTIN and LDAP authentication can
> be used without storing a master password in plaintext. I would
> appreciate the community's advice.
>
> 2) With LDAP authentication, I think that the master LDAP password
> (derby.authentication.ldap.searchAuthPW must be stored in plaintext the
> same way.
If the LDAP server supports anonymous searches then
derby.authentication.ldap.searchAuthPW is not required.
http://db.apache.org/derby/docs/10.2/tuning/rtunsearchauthpw.html
Dan.
Re: Can Derby authentication be used securely?
Posted by John Embretsen <Jo...@Sun.COM>.
I see there is some discussion around this in
http://issues.apache.org/jira/browse/DERBY-866
Rick Hillegas wrote:
> I am trying to figure out how Derby BUILTIN and LDAP authentication can
> be used without storing a master password in plaintext. I would
> appreciate the community's advice.
--
John
Re: Can Derby authentication be used securely?
Posted by John Embretsen <Jo...@Sun.COM>.
Rick Hillegas wrote:
> I am trying to figure out how Derby BUILTIN and LDAP authentication can
> be used without storing a master password in plaintext. I would
> appreciate the community's advice.
>
> 1) With BUILTIN authentication, there is no encrypted storage for
> server-wide credentials. E.g., the credentials needed to authenticate
> and bring down the Derby engine. I think that these credentials must be
> supplied in plaintext either in derby.properties or in the script which
> starts the server.
I think this is true, and it's a pity. It's a classical problem, though, see
e.g. [1]. It helps setting the file permissions so that derby.properties is
readable only by the user running the Network Server, but you would have to rely
on additional layers of security as well.
> Is there a recommended workaround for this vulnerability?
Not sure... Use a different (non-BUILTIN) authentication provider?
[1]: http://www.perlmonks.org/?node_id=441605
--
John