On 5/31/13 7:46 AM, Katherine Marsden wrote:
> Does Derby implement some sort of password encryption for native
> authentication?
>
> Sometimes, I need to speak toward Derby's encryption capabilities in
> the context of international export. Normally I can just defer to the
> Java implementation for things like database encryption or SSL/TLS,
> but I wonder if some encryption code has been added for Native
> Authentication that needs to be considered.
>
> Thanks
> Kathey

Thanks for bringing up this topic, Kathey. Yes, the NATIVE passwords
stored in SYS.SYSUSERS are encrypted. The encryption for a password is
described by the corresponding SYS.SYSUSERS.HASHINGSCHEME column. The
information in the HASHINGSCHEME column is used to construct a
PasswordHasher for this purpose. The behavior of this hashing can be
configured via the following Derby properties:
derby.authentication.builtin.algorithm
derby.authentication.builtin.iterations
derby.authentication.builtin.saltLength
Thanks,
-Rick
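
An added example, not part of the original thread: one way to inspect and change the three properties named above from an `ij` session connected as the database owner. The property values and the user name `APP_USER` are constructed for illustration, and the password is a placeholder.

```sql
-- Show the current database-level settings (NULL means the property is
-- not set at database level and Derby's built-in default applies).
VALUES SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY(
    'derby.authentication.builtin.algorithm');
VALUES SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY(
    'derby.authentication.builtin.iterations');
VALUES SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY(
    'derby.authentication.builtin.saltLength');

-- Audit which scheme each stored NATIVE credential was created with.
-- The PASSWORD column is deliberately not selected.
SELECT USERNAME, HASHINGSCHEME, LASTMODIFIED
FROM SYS.SYSUSERS
ORDER BY LASTMODIFIED;

-- Set the properties for credentials stored from now on
-- (constructed example values).
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.authentication.builtin.algorithm', 'SHA-512');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.authentication.builtin.iterations', '10000');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.authentication.builtin.saltLength', '32');

-- HASHINGSCHEME is recorded per user, so rows written earlier keep their
-- old scheme until the password is stored again. Resetting the password
-- (placeholder value) rewrites the row under the new settings.
CALL SYSCS_UTIL.SYSCS_RESET_PASSWORD('APP_USER', '<new-password>');

-- Confirm the row now carries the new scheme.
SELECT USERNAME, HASHINGSCHEME, LASTMODIFIED
FROM SYS.SYSUSERS
WHERE USERNAME = 'APP_USER';
```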