[ http://issues.apache.org/jira/browse/DERBY-928?page=all ]
Sunitha Kambhampati updated DERBY-928:
--------------------------------------
Attachment: Derby928_canons.diff.txt
Derby928_canons.stat.txt
JCC 2.6 behavior has changed from JCC2.4 with respect to how security
mechanisms are handled. I am attaching a patch to fix some masters to run
cleanly with jcc2.6.
This patch 'Derby928_canons.diff.txt' updates
- master files for derbynet/testSecMec.java for difference in behavior in
jcc2.6 from 2.4
- puts testSecMec.java and sysinfo_withproperties in exclude for remote server
testing as both these tests require the server to be restarted with the
different properties set.
The JCC 2.6 client does the following: if the client sends a security mechanism
of 3( clear text userid and password) and if the server does not accept this
security mechanism but supports encrypted userid/password , in that case the
client will then use security mechanism (9) -encrypted userid and password and
send it to the server.
This auto-switching is only in 2.6 client and not in 2.4 JCC. I have verified
this behavior by seeing what the jcc 2.6 client is sending to the server in the
debugger and have also verified it with the JCC folks.
This is a test master update only.
I have run derbynet/testSecMec.java with classes with
jdk131/jdk141/jdk142/jdk15/ibm131/ibm141/ibm142/ibm15 with JCC 2.6 driver OK.
svn stat
A
java\testing\org\apache\derbyTesting\functionTests\master\DerbyNet\ver2.6\testSecMec.out
A
java\testing\org\apache\derbyTesting\functionTests\master\DerbyNet\ibm14\ver2.6
A
java\testing\org\apache\derbyTesting\functionTests\master\DerbyNet\ibm14\ver2.6\testSecMec.out
M
java\testing\org\apache\derbyTesting\functionTests\suites\DerbyNetRemote.exclude
M
java\testing\org\apache\derbyTesting\functionTests\suites\DerbyNetClientRemote.exclude
Can someone please review and commit this change. Thanks.
> Add ability to network server to accept connections with a certain security
> mechanism.
> --------------------------------------------------------------------------------------
>
> Key: DERBY-928
> URL: http://issues.apache.org/jira/browse/DERBY-928
> Project: Derby
> Type: New Feature
> Components: Network Server
> Reporter: Sunitha Kambhampati
> Assignee: Sunitha Kambhampati
> Fix For: 10.2.0.0
> Attachments: Derby928.3.diff.txt, Derby928.3.stat.txt, Derby928.diff.txt,
> Derby928.stat.txt, Derby928_Table_SecurityMechanisms..htm,
> Derby928_canons.diff.txt, Derby928_canons.stat.txt, Derby928_v2_diff.txt,
> Derby928_v2_stat.txt
>
> Currently the network server has support for the following security mechanisms
> 1) USRIDONL (userid only),
> 2) USRIDPWD (clear text userid and password),
> 3) EUSRIDPWD (encrypted userid and password).
> Thus the #3 encrypted userid and password security mechanism is secure with
> respect to the userid/password sent across the wire. Currently there is no
> way to setup the network server to ensure that it accepts connections coming
> in at a certain security mechanism. It seems reasonable & useful to have a
> server want to accept connections from clients with a particular security
> mechanism (e.g lets say encrypted userid/password and reject usridpwd ie
> clear text userid and password)
> This jira will add support for this by adding a property to enable the server
> to be able to accept connections from clients with a certain security
> mechanism.
> --------------------
> I actually couldnt find if a rank was given to the security mechanisms in the
> drda spec. If it were so, then maybe a property for setting the minimum
> security mechanism accepted by the server would be appropriate.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
