You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by sc...@apache.org on 2007/03/22 21:34:32 UTC
svn commit: r521448 - in /db/derby/docs/trunk/src:
adminguide/cadminapps49914.dita adminguide/cadminapps811631.dita
adminguide/cadminapps811656.dita ref/refderby.ditamap
ref/rrefattribsecmech.dita
Author: scotsmatrix
Date: Thu Mar 22 13:34:31 2007
New Revision: 521448
URL: http://svn.apache.org/viewvc?view=rev&rev=521448
Log:
DERBY-2361: Added the new attribute for securityMechanism was added, examples improved, and topic titles clarified. Patch derby-2361-4.diff contributed by Kim Haase.
Added:
db/derby/docs/trunk/src/ref/rrefattribsecmech.dita (with props)
Modified:
db/derby/docs/trunk/src/adminguide/cadminapps49914.dita
db/derby/docs/trunk/src/adminguide/cadminapps811631.dita
db/derby/docs/trunk/src/adminguide/cadminapps811656.dita
db/derby/docs/trunk/src/ref/refderby.ditamap
Modified: db/derby/docs/trunk/src/adminguide/cadminapps49914.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminapps49914.dita?view=diff&rev=521448&r1=521447&r2=521448
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminapps49914.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminapps49914.dita Thu Mar 22 13:34:31 2007
@@ -22,28 +22,28 @@
<prolog><metadata>
<keywords><indexterm>User authentication differences<indexterm>and Network
Server</indexterm></indexterm><indexterm>Network Server<indexterm>user authentication
-and</indexterm></indexterm><indexterm>org.apache.derby.jdbc.ClientDataSource.
-CLEAR_TEXT_ PASSWORD_SECURITY</indexterm><indexterm>Security properties<indexterm>supported
+and</indexterm></indexterm><indexterm>org.apache.derby.jdbc.ClientDataSource.CLEAR_TEXT_PASSWORD_SECURITY</indexterm><indexterm>Security properties<indexterm>supported
by Network Server</indexterm></indexterm><indexterm>Network Server<indexterm>supported
-security properties</indexterm></indexterm><indexterm>org.apache.derby.jdbc.ClientDataSource.
-USER_ONLY_SECURITY</indexterm><indexterm>org.apache.derby.jdbc.ClientDataSource.
-ENCRYPTED_USER_AND_ PASSWORD_SECURITY</indexterm></keywords>
+security properties</indexterm></indexterm><indexterm>org.apache.derby.jdbc.ClientDataSource.USER_ONLY_SECURITY</indexterm>
+<indexterm>org.apache.derby.jdbc.ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY</indexterm>
+<indexterm>org.apache.derby.jdbc.ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY</indexterm></keywords>
</metadata></prolog>
<conbody>
<p>When running <ph conref="adminconrefs.dita#prod/productshortname"></ph> in
embedded mode or when using the <ph conref="adminconrefs.dita#prod/productshortname"></ph> Network
Server, you can enable or disable server-side user authentication. However,
-when using the Network Server, the default security mechanism (<codeph>CLEAR_TEXT_PASSWORD</codeph>)
+when using the Network Server, the default security mechanism (<codeph>CLEAR_TEXT_PASSWORD_SECURITY</codeph>)
requires that you supply both the user name and password.</p>
<p>In addition to the default user name and password security mechanism, <i>org.apache.derby.jdbc.ClientDataSource.CLEAR_TEXT_PASSWORD_SECURITY, </i
> <ph conref="adminconrefs.dita#prod/productshortname"></ph> Network Server
supports the following security properties:</p>
<ul>
-<li><i>UserID (org.apache.derby.jdbc.ClientDataSource.USER_ONLY_SECURITY)</i>
- <p>When using this mechanism, you must specify only the user property.</p></li>
-<li><i>Encrypted UserID and encrypted password (org.apache.derby.jdbc.ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY)</i> <p>When using this mechanism, both password and
+<li>UserID (<i>org.apache.derby.jdbc.ClientDataSource.USER_ONLY_SECURITY</i>)
+<p>When using this mechanism, you must specify only the <codeph>user</codeph> property.
+All other mechanisms require you to specify both the user name and the password.</p></li>
+<li>Encrypted UserID and encrypted password (<i>org.apache.derby.jdbc.ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY</i>) <p>When using this mechanism, both password and
user id are encrypted.</p></li>
-<li><i>Strong password substitution (org.apache.derby.jdbc.ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY)</i>
+<li>Strong password substitution (<i>org.apache.derby.jdbc.ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY</i>)
<p>When using this mechanism, a strong password substitute is generated and
used to authenticate the user with the network server. The original password is
never sent in any form across the network.</p></li>
@@ -53,7 +53,19 @@
more information on schema and user names.</p>
<p>If you specify any other security mechanism, you will receive an exception.</p>
<p>To change the default, you can specify another security mechanism either
-as a property or on the URL (using the securityMechanism attribute) when making
-the connection.</p>
+as a property or on the URL (using the <codeph>securityMechanism=value</codeph> attribute) when making
+the connection. For details, see
+<xref href="cadminappsclientsecurity.dita#cadminappsclientsecurity"></xref> and
+"securityMechanism=value attribute" in the
+<ph conref="adminconrefs.dita#pub/citref"></ph>.</p>
+<p>Whether the security mechanism you specify for the client actually takes
+effect depends upon the setting of the
+<codeph>derby.drda.securityMechanism</codeph> property for the Network Server.
+If the <codeph>derby.drda.securityMechanism</codeph> property is set, the
+Network Server accepts only connections that use the security mechanism
+specified by the property setting. If the
+<codeph>derby.drda.securityMechanism</codeph> property is not set, clients can
+use any valid security mechanism. For details, see
+<xref href="radmindrdasecmechanism.dita#radmindrdasecmechanism"></xref>.</p>
</conbody>
</concept>
Modified: db/derby/docs/trunk/src/adminguide/cadminapps811631.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminapps811631.dita?view=diff&rev=521448&r1=521447&r2=521448
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminapps811631.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminapps811631.dita Thu Mar 22 13:34:31 2007
@@ -17,9 +17,17 @@
-->
<!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN" "../dtd/concept.dtd">
<concept xml:lang="en-us" id="cadminapps811631">
-<title>Network Server user authentication when user authentication is on in Derby</title>
+<title>Security mechanism options when user authentication is enabled on the
+Network Server</title>
<prolog>
</prolog>
<conbody>
-<p>When user authentication is enabled in <ph conref="adminconrefs.dita#prod/productshortname"></ph>, you can either use the default security mechanism (user name and password) or you can specify that the security mechanism be encrypted user and password.</p>
+<p>When user authentication is enabled in
+<ph conref="adminconrefs.dita#prod/productshortname"></ph>, you can use any of
+the following security mechanisms:</p>
+<ul>
+<li>Clear text user name and password security, the default</li>
+<li>Strong password substitute security </li>
+<li>Encrypted user name and password security</li>
+</ul>
</conbody></concept>
Modified: db/derby/docs/trunk/src/adminguide/cadminapps811656.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminapps811656.dita?view=diff&rev=521448&r1=521447&r2=521448
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminapps811656.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminapps811656.dita Thu Mar 22 13:34:31 2007
@@ -17,8 +17,8 @@
-->
<!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN" "../dtd/concept.dtd">
<concept xml:lang="en-us" id="cadminapps811656">
-<title>Network Server user authentication when user authentication is off
-in Derby</title>
+<title>Security mechanism options when user authentication is disabled on the
+Network Server</title>
<prolog>
</prolog>
<conbody>
Modified: db/derby/docs/trunk/src/ref/refderby.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/refderby.ditamap?view=diff&rev=521448&r1=521447&r2=521448
==============================================================================
--- db/derby/docs/trunk/src/ref/refderby.ditamap (original)
+++ db/derby/docs/trunk/src/ref/refderby.ditamap Thu Mar 22 13:34:31 2007
@@ -582,6 +582,8 @@
</topicref>
<topicref href="rrefrollforward.dita" navtitle="rollForwardRecoveryFrom=path attribute">
</topicref>
+<topicref href="rrefattribsecmech.dita" navtitle="securityMechanism=value attribute">
+</topicref>
<topicref href="rrefattrib16471.dita" navtitle="shutdown=true attribute">
</topicref>
<topicref href="rrefattrib56769.dita" navtitle="territory=ll_CC attribute">
Added: db/derby/docs/trunk/src/ref/rrefattribsecmech.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefattribsecmech.dita?view=auto&rev=521448
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefattribsecmech.dita (added)
+++ db/derby/docs/trunk/src/ref/rrefattribsecmech.dita Thu Mar 22 13:34:31 2007
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "../dtd/reference.dtd">
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<reference id="rrefattribsecmech" xml:lang="en-us">
+<title>securityMechanism=value attribute</title>
+<prolog><metadata>
+<keywords><indexterm>securityMechanism=value attribute</indexterm>
+<indexterm>databases<indexterm>attributes, security mechanism</indexterm></indexterm>
+<indexterm>attributes<indexterm>securityMechanism</indexterm></indexterm></keywords>
+</metadata></prolog>
+<refbody>
+<section><title>Function</title><p>Specifies a security mechanism
+for client access to the Network Server. The <i>value</i> is numeric.</p>
+<p>Valid numeric values are:</p>
+<!-- (Kim - March 2007) The values are out of numeric order because the last
+two are defaults that users don't need to specify; they're present for
+completeness only. -->
+<ul>
+<li><codeph><b>8</b></codeph>, which specifies Strong Password Substitute security. If
+you specify this mechanism, a strong password substitute is generated and used
+to authenticate the user with the network server. The original password is
+never sent in any form across the network.</li>
+<li><codeph><b>9</b></codeph>, which specifies Encrypted UserID and Encrypted Password
+security. If you specify this mechanism, both the user ID and the password are
+encrypted. See "Enabling the encrypted user ID and password security mechanism"
+in the <ph conref="refconrefs.dita#pub/citadmin"></ph> for additional
+requirements for the use of this security mechanism.</li>
+<li><codeph><b>3</b></codeph>, which specifies Clear Text Password security. Clear
+Text Password security is the default if you do not specify the
+<i>securityMechanism</i> attribute and you specify both the
+<i><xref href="rrefattrib10035.dita#rrefattrib10035">user=userName</xref></i>
+and
+<i><xref href="rrefattrib42686.dita#rrefattrib42686">password=userPassword</xref></i>
+attributes.</li>
+<li><codeph><b>4</b></codeph>, which specifies User Only security. User Only security
+is the default if you do not specify the <i>securityMechanism</i> attribute and
+you specify the
+<i><xref href="rrefattrib10035.dita#rrefattrib10035">user=userName</xref></i>
+attribute but not the
+<i><xref href="rrefattrib42686.dita#rrefattrib42686">password=userPassword</xref></i>
+attribute.</li>
+</ul>
+</section>
+<section><title>Combining with other attributes</title>
+<p>The <i>securityMechanism</i> attribute must be combined with the
+<i><xref href="rrefattrib10035.dita#rrefattrib10035">user=userName</xref></i>
+attribute.</p>
+</section>
+<example><title>Example</title>
+<codeblock><b><ph>-- specify Strong Password Substitute security</ph>
+jdbc:derby://localhost/mydb;user=myuser;password=mypassword;securityMechanism=8</b></codeblock> </example>
+</refbody>
+</reference>
Propchange: db/derby/docs/trunk/src/ref/rrefattribsecmech.dita
------------------------------------------------------------------------------
svn:eol-style = native