[ https://issues.apache.org/jira/browse/DERBY-2837?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Laura Stewart reopened DERBY-2837: ---------------------------------- The structure of the fie needs to be updated. It still contains the reference structure and needs to be converted to a concept. > Update docs on > STRONG_PASSWORD_SUBSTITUTE_SECURITY/ENCRYPTED_USER_AND_PASSWORD_SECURITY and > JCE support > ------------------------------------------------------------------------------------------------------- > > Key: DERBY-2837 > URL: https://issues.apache.org/jira/browse/DERBY-2837 > Project: Derby > Issue Type: Improvement > Components: Documentation > Affects Versions: 10.3.1.0 > Reporter: Bernt M. Johnsen > Assignee: Bernt M. Johnsen > Fix For: 10.3.1.1, 10.4.0.0 > > Attachments: DERBY-2837.diff, DERBY-2837.stat, DERBY-2837.zip > > > Bernt M. Johnsen wrote: > >>>>>>>>>>>>>Michael Segel wrote (2007-06-16 00:23:56): > >>Which is why I'm a little suspect that the *only* way to do encryption on > >>the wire is to be forced to bring in IBM's JCE. > > > >You don't need the IBM JCE. Sun's JDK comes with and JCE which works > >just fine. The docs tries to tell you that if you use an old IBM > >environment, you need to install IBMS JCE searately. > That section (installing an IBM JCE) should be removed from the > documentation for 10.3 onwards since JDK 1.4 is the lowest supported JVM > level. > > > >There is, however small issue, if you choose > >ENCRYPTED_USER_AND_PASSWORD_SECURITY, newer Sun JCE's (from 1.4, I > >think) does not support the shared DHS value defined in the DRDA > >protocol. It's too weak. As an alternative solution for passsword > >protection, Francois implemented STRONG_PASSWORD_SUBSTITUTE_SECURITY. > This information would be great to add to the docs. Restating the > requirements in terms of a JCE that supports "the shared DHS value > defined in the DRDA protocol" (whatever the correct JCE term for that > is) and not specifically the IBM JCE. The documentation then should > state that this is not supported by some JCEs due to its weakness and an > alternative is to use STRONG_PASSWORD_SUBSTITUTE_SECURITY (and/or SSL?). > Dan. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.