[jira] Updated: (GERONIMO-842) Enhance DerbyNetworkGBean to allow secure Derby Network Client connections (once Derby is enhanced to allow secure connections).

["Matt Hogstrom (JIRA)" <de...@geronimo.apache.org>]

     [ http://issues.apache.org/jira/browse/GERONIMO-842?page=all ]

Matt Hogstrom updated GERONIMO-842:
-----------------------------------

    Fix Version: Wish List
                     (was: 1.0)

Moving to Wish List

> Enhance DerbyNetworkGBean to allow secure Derby Network Client connections (once Derby is enhanced to allow secure connections).
> --------------------------------------------------------------------------------------------------------------------------------
>
>          Key: GERONIMO-842
>          URL: http://issues.apache.org/jira/browse/GERONIMO-842
>      Project: Geronimo
>         Type: Task
>   Components: core, installer
>     Versions: 1.0-M4
>     Reporter: John Sisson
>      Fix For: Wish List

>
> I have created this issue to raise awareness of the security limitations of the Network Server currently embeded in derby and to flag that the Geronimo installer/configuration tools may need to be enhanced when Derby's client security is enhanced to allow the user to configure security for the Network Server..
> Currently the DerbyNetworkGBean only accepts connections from the localhost.  
> Although this could be easily changed, it would not be secure even if Derby's current (version 10.1 at the time of writing) client security features are utilised.  Rather than repeating information see the mails in the thread titled "DRDA Password Encryption (SECMEC_EUSRIDPWD and SECMEC_USRENCPWD)" at:
> http://mail-archives.apache.org/mod_mbox/db-derby-dev/200506.mbox/%3c20050616191041.GA5239@barbar.sun.com%3e

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira