That's correct. By the way, you can also configure the Derby server to only accept connections issued with a particular securityMechanism. See 'derby.drda.securityMechanism' network server property in http://db.apache.org/derby/docs/dev/adminguide/adminguide-single.html#tadminconfigsettingnetwrokserverproperties
On 8/21/07, Knut Anders Hatlen <[EMAIL PROTECTED]> wrote: > > David Van Couvering <[EMAIL PROTECTED]> writes: > > > Hi, all. Someone asked me if things have changed around password > > encryption in 10.3 - is there some form of encryption by default, or > > is the default still to send the password in the clear? I scanned the > > "what's new" section of the release page but couldn't find anything > > definitive... > > Hi David, > > It is my understanding that you still need to add the securityMechanism > attribute to the connection URL in order to get password encryption. > > http://db.apache.org/derby/docs/dev/ref/rrefattribsecmech.html: > > Clear Text Password security is the default if you do not specify the > securityMechanism attribute and you specify both the user=userName and > password=userPassword attributes. > > -- > Knut Anders >
