[ http://issues.apache.org/jira/browse/DERBY-928?page=comments#action_12365465 ]

Sunitha Kambhampati commented on DERBY-928:
-------------------------------------------

Thanks Byran for your comments.

Yes, option #2 - USER_ONLY_SECURITY makes sense to me too. In this jira I plan to add this server side property, which can take in values such as USER_ONLY_SECURITY, etc. These will internally map to integer constants - the correct SECMEC values.

I agree the client connection url can be enhanced to take security mechanism as friendly string names and this should be possible with changes to the client side. I think the client connection url should allow even an integer value for the securityMechanism to allow for backward compatibility with older clients. I'll open a jira for this.

Thanks.

> Add ability to network server to accept connections with a certain security mechanism.
> --------------------------------------------------------------------------------------
>
>          Key: DERBY-928
>          URL: http://issues.apache.org/jira/browse/DERBY-928
>      Project: Derby
>         Type: New Feature
>   Components: Network Server
>     Reporter: Sunitha Kambhampati
>      Fix For: 10.2.0.0
>
> Currently the network server has support for the following security mechanisms
> 1) USRIDONL (userid only),
> 2) USRIDPWD (clear text userid and password),
> 3) EUSRIDPWD (encrypted userid and password).
> Thus the #3 encrypted userid and password security mechanism is secure with
> respect to the userid/password sent across the wire. Currently there is no
> way to set up the network server to ensure that it accepts connections coming
> in at a certain security mechanism. It seems reasonable & useful to have a
> server want to accept connections from clients with a particular security
> mechanism (e.g. let's say encrypted userid/password and reject usridpwd, i.e.
> clear text userid and password).
> This jira will add support for this by adding a property to enable the server
> to be able to accept connections from clients with a certain security
> mechanism.
> --------------------
> I actually couldn't find if a rank was given to the security mechanisms in the
> drda spec. If it were so, then maybe a property for setting the minimum
> security mechanism accepted by the server would be appropriate.
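
The behaviour discussed in this thread, sketched as an added example that is not Derby's code and not part of the original message: a required mechanism given as a friendly name or as an integer, mapped to its DRDA SECMEC value, and an exact-match check on the server side because the thread found no ranking of mechanisms to compare against. The class and method names are hypothetical; the friendly names other than USER_ONLY_SECURITY are assumed to follow the Derby client's constant names.

```java
import java.util.Optional;

// Added illustration; SecMecPolicy and its methods are hypothetical names, not Derby code.
public class SecMecPolicy {
    // DRDA SECMEC values for the three mechanisms listed in the issue.
    enum SecMec {
        CLEAR_TEXT_PASSWORD_SECURITY(3),           // USRIDPWD
        USER_ONLY_SECURITY(4),                     // USRIDONL
        ENCRYPTED_USER_AND_PASSWORD_SECURITY(9);   // EUSRIDPWD
        final int code;
        SecMec(int code) { this.code = code; }
    }

    // Accept a friendly name or, for backward compatibility, the integer value.
    static SecMec parse(String value) {
        String v = value.trim();
        for (SecMec m : SecMec.values()) {
            if (m.name().equalsIgnoreCase(v) || Integer.toString(m.code).equals(v)) {
                return m;
            }
        }
        throw new IllegalArgumentException("Unknown security mechanism: " + value);
    }

    // Server-side check: an unset property accepts every supported mechanism;
    // a set property requires an exact match, since the mechanisms are not ranked.
    static boolean accepts(Optional<SecMec> required, int clientSecMec) {
        for (SecMec m : SecMec.values()) {
            if (m.code == clientSecMec) {
                return required.map(r -> r == m).orElse(true);
            }
        }
        return false; // a mechanism this sketch does not know is always rejected
    }

    public static void main(String[] args) {
        // Constructed sample settings: the server requires the encrypted mechanism.
        Optional<SecMec> required = Optional.of(parse("ENCRYPTED_USER_AND_PASSWORD_SECURITY"));
        System.out.println("EUSRIDPWD client accepted: " + accepts(required, 9));
        System.out.println("USRIDPWD client accepted:  " + accepts(required, parse("3").code));
        System.out.println("No property, USRIDONL:     " + accepts(Optional.empty(), 4));
    }
}
```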
