DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=38603>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38603 ------- Additional Comments From [EMAIL PROTECTED] 2006-02-11 09:48 ------- see also Bug 38614 for other attributes. To really get it safe, it is probably not sufficient to only control the ciphers, but it should be possible to - enforce client cert auth (not only have it optional - e.g. mysql can do that in http://dev.mysql.com/doc/refman/5.0/en/grant.html with REQUIRE X509) - to have a db port that only accepts encrypted connections to prevent inadvertent password disclosure (http://bugs.mysql.com/bug.php?id=17319) - prevent password guessing (e.g. http://bugs.mysql.com/bug.php?id=17318) see also a formal RFE for this for connector/J in http://bugs.mysql.com/bug.php?id=17320 -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]