  1. Derby
  2. DERBY-4483

Provide a way to change the hash algorithm used by BUILTIN authentication


Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 10.5.3.0
    • 10.6.1.0
    • Services
    • None
    • Release Note Needed
    • Security

    Description

      The BUILTIN authentication scheme protects the passwords by hashing them with the SHA-1 algorithm. It would be nice to have a way to specify a different algorithm so that users can take advantage of new, stronger algorithms provided by their JCE provider if so desired.

      This issue tracks our response to security vulnerability CVE-2009-4269, which Marcell Major identified. See http://marcellmajor.com/derbyhash.html

      Attachments

        1. experiment.diff
          13 kB
          Knut Anders Hatlen
        2. upgrade-test.diff
          7 kB
          Knut Anders Hatlen
        3. derby-4483-1a.stat
          0.7 kB
          Knut Anders Hatlen
        4. derby-4483-1a.diff
          33 kB
          Knut Anders Hatlen
        5. comments.diff
          5 kB
          Knut Anders Hatlen
        6. toHexByte.diff
          5 kB
          Knut Anders Hatlen
        7. derby-4483-2a.stat
          0.4 kB
          Knut Anders Hatlen
        8. derby-4483-2a.diff
          6 kB
          Knut Anders Hatlen
        9. releaseNote.html
          7 kB
          Knut Anders Hatlen
        10. errormsg.diff
          3 kB
          Knut Anders Hatlen
        11. releaseNote.html
          7 kB
          Knut Anders Hatlen

          People

            knutanders Knut Anders Hatlen
            knutanders Knut Anders Hatlen