Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-4483

Provide a way to change the hash algorithm used by BUILTIN authentication

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 10.5.3.0
    • Fix Version/s: 10.6.1.0
    • Component/s: Services
    • Labels:
      None
    • Issue & fix info:
      Release Note Needed
    • Bug behavior facts:
      Security

      Description

      The BUILTIN authentication scheme protects the passwords by hashing them with the SHA-1 algorithm. It would be nice to have way to specify a different algorithm so that users can take advantage of new, stronger algorithms provided by their JCE provider if so desired.

      This issue tracks our response to security vulnerability CVE-2009-4269, which Marcell Major identified. See http://marcellmajor.com/derbyhash.html

        Attachments

        1. comments.diff
          5 kB
          Knut Anders Hatlen
        2. derby-4483-1a.diff
          33 kB
          Knut Anders Hatlen
        3. derby-4483-1a.stat
          0.7 kB
          Knut Anders Hatlen
        4. derby-4483-2a.diff
          6 kB
          Knut Anders Hatlen
        5. derby-4483-2a.stat
          0.4 kB
          Knut Anders Hatlen
        6. errormsg.diff
          3 kB
          Knut Anders Hatlen
        7. experiment.diff
          13 kB
          Knut Anders Hatlen
        8. releaseNote.html
          7 kB
          Knut Anders Hatlen
        9. releaseNote.html
          7 kB
          Knut Anders Hatlen
        10. toHexByte.diff
          5 kB
          Knut Anders Hatlen
        11. upgrade-test.diff
          7 kB
          Knut Anders Hatlen

          Issue Links

            Activity

              People

              • Assignee:
                knutanders Knut Anders Hatlen
                Reporter:
                knutanders Knut Anders Hatlen
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: