[ http://issues.apache.org/jira/browse/GERONIMO-842?page=all ]
Matt Hogstrom updated GERONIMO-842:
-----------------------------------
Fix Version: Wish List
(was: 1.0)
Moving to Wish List
> Enhance DerbyNetworkGBean to allow secure Derby Network Client connections
> (once Derby is enhanced to allow secure connections).
> --------------------------------------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-842
> URL: http://issues.apache.org/jira/browse/GERONIMO-842
> Project: Geronimo
> Type: Task
> Components: core, installer
> Versions: 1.0-M4
> Reporter: John Sisson
> Fix For: Wish List
>
> I have created this issue to raise awareness of the security limitations of
> the Network Server currently embeded in derby and to flag that the Geronimo
> installer/configuration tools may need to be enhanced when Derby's client
> security is enhanced to allow the user to configure security for the Network
> Server..
> Currently the DerbyNetworkGBean only accepts connections from the localhost.
> Although this could be easily changed, it would not be secure even if Derby's
> current (version 10.1 at the time of writing) client security features are
> utilised. Rather than repeating information see the mails in the thread
> titled "DRDA Password Encryption (SECMEC_EUSRIDPWD and SECMEC_USRENCPWD)" at:
> http://mail-archives.apache.org/mod_mbox/db-derby-dev/200506.mbox/[EMAIL
> PROTECTED]
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
