[jira] [Commented] (DERBY-5651) Protocol error when connecting to db with NATIVE authentication using strong password substitution

Thu, 15 Mar 2012 12:51:00 -0700 

    [ 
https://issues.apache.org/jira/browse/DERBY-5651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13230471#comment-13230471
 ] 

Knut Anders Hatlen commented on DERBY-5651:
-------------------------------------------

I'd prefer option 1. Option 2 would expose the cleartext password on the wire 
even though the user has explicitly requested that it's not exposed. Better to 
fail and let the user take the appropriate action than compromising the 
password.
                
> Protocol error when connecting to db with NATIVE authentication using strong 
> password substitution
> --------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-5651
>                 URL: https://issues.apache.org/jira/browse/DERBY-5651
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server, Services
>    Affects Versions: 10.9.0.0
>            Reporter: Knut Anders Hatlen
>
> If you connect to a db with native authentication using strong password 
> substitution to protect the password, you'll get a protocol error:
> ij(CONNECTION2)> connect 
> 'jdbc:derby://localhost/db;user=app;password=papp;securityMechanism=8';
> ERROR 08006: A network protocol error was encountered and the connection has 
> been terminated: A PROTOCOL Data Stream Syntax Error was detected.  Reason: 
> 0x18. Plaintext connection attempt to an SSL enabled server?
> I don't think strong password substitution is intended to work with NATIVE, 
> but it should probably fail more gracefully. With BUILTIN, you'll get a more 
> helpful error message:
> ij(CONNECTION5)> connect 
> 'jdbc:derby://localhost/db2;user=app;password=papp;securityMechanism=8';
> ERROR 08004: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08004, SQLERRMC: 
> Connection authentication failure occurred. Either the supplied credentials 
> were invalid, or the database uses a password encryption scheme not 
> compatible with the strong password substitution security mechanism. If this 
> error started after upgrade, refer to the release note for DERBY-4483 for 
> options.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to