Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-4483

Provide a way to change the hash algorithm used by BUILTIN authentication

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 10.5.3.0
    • 10.6.1.0
    • Services
    • None
    • Release Note Needed
    • Security

    Description

      The BUILTIN authentication scheme protects the passwords by hashing them with the SHA-1 algorithm. It would be nice to have way to specify a different algorithm so that users can take advantage of new, stronger algorithms provided by their JCE provider if so desired.

      This issue tracks our response to security vulnerability CVE-2009-4269, which Marcell Major identified. See http://marcellmajor.com/derbyhash.html

      Attachments

        1. comments.diff
          5 kB
          Knut Anders Hatlen
        2. derby-4483-1a.diff
          33 kB
          Knut Anders Hatlen
        3. derby-4483-1a.stat
          0.7 kB
          Knut Anders Hatlen
        4. derby-4483-2a.diff
          6 kB
          Knut Anders Hatlen
        5. derby-4483-2a.stat
          0.4 kB
          Knut Anders Hatlen
        6. errormsg.diff
          3 kB
          Knut Anders Hatlen
        7. experiment.diff
          13 kB
          Knut Anders Hatlen
        8. releaseNote.html
          7 kB
          Knut Anders Hatlen
        9. releaseNote.html
          7 kB
          Knut Anders Hatlen
        10. toHexByte.diff
          5 kB
          Knut Anders Hatlen
        11. upgrade-test.diff
          7 kB
          Knut Anders Hatlen

        Issue Links

          Activity

            People

              knutanders Knut Anders Hatlen
              knutanders Knut Anders Hatlen
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: