Changeset: 34ce6e1b1be8 for monetdb-java URL: https://dev.monetdb.org/hg/monetdb-java?cmd=changeset;node=34ce6e1b1be8 Modified Files: ChangeLog release.txt src/main/java/nl/cwi/monetdb/client/JMonetDB.java src/main/java/nl/cwi/monetdb/client/JdbcClient.java src/main/java/nl/cwi/monetdb/jdbc/MonetDatabaseMetaData.java src/main/java/nl/cwi/monetdb/jdbc/MonetDriver.java.in src/main/java/nl/cwi/monetdb/mcl/net/MapiSocket.java Branch: default Log Message:
Remove support for deprecated MD5 encryption algorithm in MapiSocket. diffs (149 lines): diff --git a/ChangeLog b/ChangeLog --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog file for monetdb-java # This file is updated with Maddlog +* Thu Sep 10 2020 Martin van Dinther <martin.van.dint...@monetdbsolutions.com> +- Removed support for deprecated MD5 encryption algorithm in MapiSocket. + +* Wed Sep 9 2020 Martin van Dinther <martin.van.dint...@monetdbsolutions.com> +- Corrected Statement.executeBatch() method. It now implicitly clears the + batch buffer, ready to accept new addBatch() calls without the need for + an explicit clearBatch() call. + See also https://www.monetdb.org/bugzilla/show_bug.cgi?id=6953 + * Wed Feb 19 2020 Martin van Dinther <martin.van.dint...@monetdbsolutions.com> - Corrected the return value of getCatalogTerm() to "cat". diff --git a/release.txt b/release.txt --- a/release.txt +++ b/release.txt @@ -27,7 +27,7 @@ Supported connection properties are: language=<sql or mal> default is: sql debug=true default is: false logfile=<name of logfile> - hash=<SHA512, SHA384, SHA256, SHA1 and MD5> + hash=<SHA512, SHA384, SHA256 or SHA1> We recommend to set following connection properties: so_timeout=20000 diff --git a/src/main/java/nl/cwi/monetdb/client/JMonetDB.java b/src/main/java/nl/cwi/monetdb/client/JMonetDB.java --- a/src/main/java/nl/cwi/monetdb/client/JMonetDB.java +++ b/src/main/java/nl/cwi/monetdb/client/JMonetDB.java @@ -51,7 +51,7 @@ public final class JMonetDB { // extended options copts.addOption(null, "Xhash", CmdLineOpts.CAR_ONE, null, "Use the given hash algorithm during challenge response. " + - "Supported algorithm names: SHA256, SHA1, MD5."); + "Supported algorithm names: SHA512, SHA384, SHA256 and SHA1."); // arguments which can have zero or one argument(s) copts.addOption(null, "Xdebug", CmdLineOpts.CAR_ONE, null, "Writes a transmission log to disk for debugging purposes. " + diff --git a/src/main/java/nl/cwi/monetdb/client/JdbcClient.java b/src/main/java/nl/cwi/monetdb/client/JdbcClient.java --- a/src/main/java/nl/cwi/monetdb/client/JdbcClient.java +++ b/src/main/java/nl/cwi/monetdb/client/JdbcClient.java @@ -97,7 +97,7 @@ public final class JdbcClient { * -Xoutput The output mode when dumping. Default is sql, xml may be used for * an experimental XML output. * -Xhash Use the given hash algorithm during challenge response. Supported - * algorithm names: SHA1, MD5, plain. + * algorithm names: SHA512, SHA384, SHA256 and SHA1. * -Xdebug Writes a transmission log to disk for debugging purposes. If a * file name is given, it is used, otherwise a file called * monet<timestamp>.log is created. A given file never be @@ -160,7 +160,7 @@ public final class JdbcClient { "be used for an experimental XML output."); copts.addOption(null, "Xhash", CmdLineOpts.CAR_ONE, null, "Use the given hash algorithm during challenge response. " + - "Supported algorithm names: SHA1, MD5, plain."); + "Supported algorithm names: SHA512, SHA384, SHA256 and SHA1."); // arguments which can have zero or one argument(s) copts.addOption(null, "Xdebug", CmdLineOpts.CAR_ZERO_ONE, null, "Writes a transmission log to disk for debugging purposes. " + diff --git a/src/main/java/nl/cwi/monetdb/jdbc/MonetDatabaseMetaData.java b/src/main/java/nl/cwi/monetdb/jdbc/MonetDatabaseMetaData.java --- a/src/main/java/nl/cwi/monetdb/jdbc/MonetDatabaseMetaData.java +++ b/src/main/java/nl/cwi/monetdb/jdbc/MonetDatabaseMetaData.java @@ -422,8 +422,8 @@ public class MonetDatabaseMetaData " AND \"mod\" <> 'sql')" + // include specific functions code(int) and space(int) which belong to the 'str' module " OR \"mod\" = 'str'" + - // include 3 specific json functions and udf reverse which accept a string arg - " OR f.\"name\" IN ('isarray','isobject','isvalid','reverse')"; + // include 3 specific json functions, md5() and udf reverse() which all accept a string arg + " OR f.\"name\" IN ('isarray','isobject','isvalid','md5','reverse')"; final String unionPart = // add functions which are not listed in sys.functions but implemented in the SQL parser (see sql/server/sql_parser.y) " UNION SELECT 'position'"; @@ -435,7 +435,7 @@ public class MonetDatabaseMetaData final String wherePart = "f.\"name\" IN ('columnsize','debug','get_value_for','hash','hashsize','heapsize'" + ",'ifthenelse','imprintsize','isaurl','isauuid','isnull','masterclock','mastertick'" + - ",'md5','newurl','next_value_for','password_hash','replicaclock','replicatick','uuid')" + + ",'newurl','next_value_for','password_hash','replicaclock','replicatick','uuid')" + // add functions which are not listed in sys.functions but implemented in the SQL parser (see sql/server/sql_parser.y) " UNION ALL SELECT * FROM (VALUES('cast'),('coalesce'),('convert'),('nullif')) as sf"; return getConcatenatedStringFromQuery(FunctionsSelect + wherePart + FunctionsOrderBy1); @@ -3706,7 +3706,7 @@ public class MonetDatabaseMetaData "SELECT 'database', 1024, 'demo', 'name of database. It matches the dbfarm subdirectory name' UNION ALL " + "SELECT 'debug', 5, 'false', 'boolean flag true or false' UNION ALL " + "SELECT 'logfile', 1024, 'monet_######.log', 'name of logfile used when debug is enabled' UNION ALL " + - "SELECT 'hash', 128, '', 'hash methods list to use in server connection. Supported are SHA512, SHA384, SHA256, SHA1 and MD5' UNION ALL " + + "SELECT 'hash', 128, '', 'hash methods list to use in server connection. Supported are SHA512, SHA384, SHA256 and SHA1' UNION ALL " + "SELECT 'treat_blob_as_binary', 5, 'false', 'should blob columns be mapped to Types.VARBINARY instead of default Types.BLOB in ResultSets and PreparedStatements' UNION ALL " + "SELECT 'treat_clob_as_varchar', 5, 'false', 'should clob columns be mapped to Types.VARCHAR instead of default Types.CLOB in ResultSets and PreparedStatements' UNION ALL " + "SELECT 'so_timeout', 10, '0', 'timeout (in milliseconds) of communication socket. 0 means no timeout is set' " + diff --git a/src/main/java/nl/cwi/monetdb/jdbc/MonetDriver.java.in b/src/main/java/nl/cwi/monetdb/jdbc/MonetDriver.java.in --- a/src/main/java/nl/cwi/monetdb/jdbc/MonetDriver.java.in +++ b/src/main/java/nl/cwi/monetdb/jdbc/MonetDriver.java.in @@ -224,8 +224,8 @@ final public class MonetDriver implement prop = new DriverPropertyInfo("hash", null); prop.required = false; - prop.description = "Force the use of the given hash algorithm during challenge response (one of SHA1, MD5, plain)"; - prop.choices = new String[] { "SHA512", "SHA384", "SHA256", "SHA1", "MD5" }; + prop.description = "Force the use of the given hash algorithm (SHA512 or SHA384 or SHA256 or SHA1) during challenge response"; + prop.choices = new String[] { "SHA512", "SHA384", "SHA256", "SHA1" }; dpi[5] = prop; prop = new DriverPropertyInfo("treat_blob_as_binary", "false"); diff --git a/src/main/java/nl/cwi/monetdb/mcl/net/MapiSocket.java b/src/main/java/nl/cwi/monetdb/mcl/net/MapiSocket.java --- a/src/main/java/nl/cwi/monetdb/mcl/net/MapiSocket.java +++ b/src/main/java/nl/cwi/monetdb/mcl/net/MapiSocket.java @@ -414,7 +414,7 @@ public final class MapiSocket { * string is null, a challengeless response is returned. * * @param chalstr the challenge string - * for example: H8sRMhtevGd:mserver:9:PROT10,RIPEMD160,SHA256,SHA1,MD5,COMPRESSION_SNAPPY,COMPRESSION_LZ4:LIT:SHA512: + * for example: H8sRMhtevGd:mserver:9:PROT10,RIPEMD160,SHA256,SHA1,COMPRESSION_SNAPPY,COMPRESSION_LZ4:LIT:SHA512: * @param username the username to use * @param password the password to use * @param language the language to use @@ -456,12 +456,11 @@ public final class MapiSocket { algo = "SHA-384"; } else if (pwhash.equals("SHA256")) { algo = "SHA-256"; - /* NOTE: Java doesn't support SHA-224 */ + /* NOTE: Java 7 doesn't support SHA-224. Java 8 does but we have not tested it. It is also not requested yet. */ } else if (pwhash.equals("SHA1")) { algo = "SHA-1"; - } else if (pwhash.equals("MD5")) { - algo = "MD5"; } else { + /* Note: MD5 has been deprecated by security experts and support is removed from Oct 2020 release */ throw new MCLException("Unsupported password hash: " + pwhash); } try { @@ -508,10 +507,8 @@ public final class MapiSocket { } else if (hashesSet.contains("SHA1")) { algo = "SHA-1"; pwhash = "{SHA1}"; - } else if (hashesSet.contains("MD5")) { - algo = "MD5"; - pwhash = "{MD5}"; } else { + /* Note: MD5 has been deprecated by security experts and support is removed from Oct 2020 release */ throw new MCLException("no supported hash algorithms found in " + hashes); } try { _______________________________________________ checkin-list mailing list checkin-list@monetdb.org https://www.monetdb.org/mailman/listinfo/checkin-list
