[jira] Updated: (DERBY-3014) Make SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY('derby.user.') return NULL instead of the hash value of the password

Dyre Tjeldvoll (JIRA) Thu, 06 Mar 2008 01:58:18 -0800

     [ 
https://issues.apache.org/jira/browse/DERBY-3014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Dyre Tjeldvoll updated DERBY-3014:
----------------------------------

    Derby Info:   (was: [Patch Available])

I'm removing 'patch available' since another rev of the patch has been 
requested by a reviewer

> Make SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY('derby.user.<username>')  return 
> NULL instead of the hash value of the password
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3014
>                 URL: https://issues.apache.org/jira/browse/DERBY-3014
>             Project: Derby
>          Issue Type: Improvement
>          Components: Security
>            Reporter: Daniel John Debrunner
>            Assignee: R VIDYA LAKSHMI
>         Attachments: DERBY-3014.diff
>
>
> Increases security by providing less information to any attacker. The current 
> returned hash value could be used in an off-line dictionary based attack to 
> find a valid password.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (DERBY-3014) Make SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY('derby.user.') return NULL instead of the hash value of the password

Reply via email to