In reviewing a
DERBY-5767 patch, Rick Hillegas noticed that in the derby.authentication.provider topic, "In the second, longer paragraph of the BUILTIN bullet, we recommend LDAP and user-supplied schemes as alternatives to BUILTIN, but we don't recommend NATIVE. Did we decide to not recommend NATIVE here or should this be adjusted to include it beside the other safe schemes? Thanks."
In several topics, the notes were not modified to recommend NATIVE authentication the same way they were elsewhere: "It is strongly recommended that production systems rely on NATIVE authentication, an external directory service such as LDAP, or a user-defined class for authentication." These notes need to be tidied up.