[ https://issues.apache.org/jira/browse/DERBY-5651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13229987#comment-13229987 ]
Knut Anders Hatlen commented on DERBY-5651:
-------------------------------------------
Maybe we should simply remove support for securityMechanism=8 completely and
make the client produce an error message advising the users to find another way
to protect their passwords? After all, securityMechanism=8 uses the broken hash
algorithm reported in DERBY-4468, which makes it *very* easy to break into a
user account without knowing the password when strong password substitution is
used.
> Protocol error when connecting to db with NATIVE authentication using strong
> password substitution
> --------------------------------------------------------------------------------------------------
>
> Key: DERBY-5651
> URL: https://issues.apache.org/jira/browse/DERBY-5651
> Project: Derby
> Issue Type: Bug
> Components: Network Server, Services
> Affects Versions: 10.9.0.0
> Reporter: Knut Anders Hatlen
>
> If you connect to a db with native authentication using strong password
> substitution to protect the password, you'll get a protocol error:
> ij(CONNECTION2)> connect
> 'jdbc:derby://localhost/db;user=app;password=papp;securityMechanism=8';
> ERROR 08006: A network protocol error was encountered and the connection has
> been terminated: A PROTOCOL Data Stream Syntax Error was detected. Reason:
> 0x18. Plaintext connection attempt to an SSL enabled server?
> I don't think strong password substitution is intended to work with NATIVE,
> but it should probably fail more gracefully. With BUILTIN, you'll get a more
> helpful error message:
> ij(CONNECTION5)> connect
> 'jdbc:derby://localhost/db2;user=app;password=papp;securityMechanism=8';
> ERROR 08004: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08004, SQLERRMC:
> Connection authentication failure occurred. Either the supplied credentials
> were invalid, or the database uses a password encryption scheme not
> compatible with the strong password substitution security mechanism. If this
> error started after upgrade, refer to the release note for DERBY-4483 for
> options.