[ http://issues.apache.org/jira/browse/DERBY-528?page=comments#action_12416339 ]
Kathey Marsden commented on DERBY-528: -------------------------------------- Thanks so much for this important fix. Can you test this change with - new server/10.1.1.0 client -new client/10.1.1.0 server release To make sure that there are no compatibility issues associated with the change. http://db.apache.org/derby/releases/release-10.1.1.0.cgi Also it would be great to see tests added to org.apache.derbyTesting.functionTests.tests.junitTests.derbyNet.CompatibilityTest to verify that the negotiation happens properly. Kathey > Support for DRDA Strong User ID and Password Substitute Authentication > (USRSSBPWD) scheme > ----------------------------------------------------------------------------------------- > > Key: DERBY-528 > URL: http://issues.apache.org/jira/browse/DERBY-528 > Project: Derby > Type: New Feature > Components: Security > Versions: 10.1.1.0 > Reporter: Francois Orsini > Assignee: Francois Orsini > Fix For: 10.2.0.0 > Attachments: 528_SecMec_Testing_Table.txt, 528_diff_v1.txt, 528_stat_v1.txt > > This JIRA will add support for (DRDA) Strong User ID and Password Substitute > Authentication (USRSSBPWD) scheme in the network client/server driver layers. > Current Derby DRDA network client driver supports encrypted userid/password > (EUSRIDPWD) via the use of DH key-agreement protocol - however current Open > Group DRDA specifications imposes small prime and base generator values (256 > bits) that prevents other JCE's to be used as java cryptography providers - > typical minimum security requirements is usually of 1024 bits (512-bit > absolute minimum) when using DH key-agreement protocol to generate a session > key. > Strong User ID and Password Substitute Authentication (USRSSBPWD) is part of > DRDA specifications as another alternative to provide ciphered passwords > across the wire. > Support of USRSSBPWD authentication scheme will enable additional JCE's to > be used when encrypted passwords are required across the wire. > USRSSBPWD authentication scheme will be specified by a Derby network client > user via the securityMechanism property on the connection UR - A new property > value such as ENCRYPTED_PASSWORD_SECURITY will be defined in order to support > this new (DRDA) authentication scheme. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
