Derby / DERBY-4579

Document the configurable hash authentication scheme

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.6.1.0
    • Fix Version/s: 10.6.1.0
    • Component/s: Documentation
    • Labels: None

      Description

      DERBY-4483 adds the ability to configure which message digest algorithm to use to protect the passwords that are stored in the database when using BUILTIN authentication.

      I think these changes are required:

      • Reference manual: Document the new database property derby.authentication.builtin.algorithm. It's a dynamic property that can be set either on database level or on system level. Its value is the name of a message digest algorithm available from one of the Java Cryptography Extension providers registered in the JVM. Example values: MD5, SHA-256, SHA-512. The specified algorithm will be applied on the concatenation of the user name and the password before it's stored in the database. If the property is NULL or the empty string, the old algorithm (SHA-1 on the password only) is applied instead.
      • Developer's guide: Mention the property in "List of user authentication properties"
      • Server and admin guide: In the table in section "Network client security", mention that strong password substitution cannot be used to connect as a user whose password has been stored with the new scheme. I'd suggest changing the following sentence:

      Strong password substitution cannot be used with external Derby authentication schemes (for example, LDAP).

      And replacing it with something like:

      Strong password substitution can only be used with Derby's NONE and BUILTIN authentication schemes. Also, for the BUILTIN scheme, it does not work for database-level users whose password has been protected by a custom message digest algorithm specified by the derby.authentication.builtin.algorithm property.

      Attachments

      1. DERBY-4579-2.zip (13 kB, Kim Haase)
      2. DERBY-4579-2.diff (9 kB, Kim Haase)
      3. DERBY-4579.zip (13 kB, Kim Haase)
      4. DERBY-4579.stat (0.2 kB, Kim Haase)
      5. DERBY-4579.diff (9 kB, Kim Haase)
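
      Added example, not part of the original issue and not Derby project code: one way to set the property described above at database level from Java, checking first that a provider registered in the JVM supplies the named digest. The class, method and database names (SetBuiltinAlgorithm, digestAvailable, setAlgorithm, sampleDB) are assumptions; SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY is Derby's system procedure for database properties.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

// Added example (not Derby project code). Class, method and database names are hypothetical.
public class SetBuiltinAlgorithm {
    static final String PROPERTY = "derby.authentication.builtin.algorithm";

    // True if a provider registered in this JVM supplies the named message digest.
    static boolean digestAvailable(String algorithm) {
        try {
            MessageDigest.getInstance(algorithm);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    // Sets the property at database level. Per the issue description, NULL or the
    // empty string selects the old scheme (SHA-1 on the password only).
    static void setAlgorithm(Connection conn, String algorithm) throws SQLException {
        boolean oldScheme = (algorithm == null || algorithm.isEmpty());
        if (!oldScheme && !digestAvailable(algorithm)) {
            // Refuse to store a name that this JVM cannot resolve to a digest.
            throw new IllegalArgumentException("No provider offers digest: " + algorithm);
        }
        try (CallableStatement cs = conn.prepareCall(
                "CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?, ?)")) {
            cs.setString(1, PROPERTY);
            cs.setString(2, algorithm); // a null value is sent as SQL NULL
            cs.execute();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumes embedded Derby on the classpath; sampleDB is a constructed name.
        try (Connection conn =
                DriverManager.getConnection("jdbc:derby:sampleDB;create=true")) {
            setAlgorithm(conn, "SHA-256");
        }
    }
}
```

      The same availability check applies before the property is set at system level instead of on the database.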

          Activity

          Each change is listed as Field: Original Value → New Value.

          Gavin made changes -
            Workflow: jira [ 12501642 ] → Default workflow, editable Closed status [ 12800437 ]
          Knut Anders Hatlen made changes -
            Status: Resolved [ 5 ] → Closed [ 6 ]
          Kim Haase made changes -
            Resolution: Fixed [ 1 ]
            Status: Open [ 1 ] → Resolved [ 5 ]
            Fix Version/s: 10.6.0.0 [ 12313727 ]
          Kim Haase made changes -
            Attachment: DERBY-4579-2.diff [ 12442561 ]
            Attachment: DERBY-4579-2.zip [ 12442562 ]
          Kim Haase made changes -
            Attachment: DERBY-4579.diff [ 12442452 ]
            Attachment: DERBY-4579.stat [ 12442453 ]
            Attachment: DERBY-4579.zip [ 12442454 ]
          Kim Haase made changes -
            Assignee: Kim Haase [ chaase3 ]
          Knut Anders Hatlen made changes -
            Link: This issue is related to DERBY-4483 [ DERBY-4483 ]
          Knut Anders Hatlen created issue -

            People

            • Assignee: Kim Haase
            • Reporter: Knut Anders Hatlen