[
https://issues.apache.org/jira/browse/DERBY-4483?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12848956#action_12848956
]
Bryan Pendleton commented on DERBY-4483:
----------------------------------------
The release note is clear and well-written. Thanks for putting it together. +1
Would there be any benefit to augmenting the client-side error message that is
received when using strong password substitution against a conf-hash DB, so
that the client-side message suggests this alternate possibility for the error?
Something along the lines of:
ERROR 08004: Connection authentication failure occurred. Reason: userid or
password invalid, or the database may be using an alternate password encryption
scheme.
> Provide a way to change the hash algorithm used by BUILTIN authentication
> -------------------------------------------------------------------------
>
> Key: DERBY-4483
> URL: https://issues.apache.org/jira/browse/DERBY-4483
> Project: Derby
> Issue Type: Improvement
> Components: Services
> Affects Versions: 10.5.3.0
> Reporter: Knut Anders Hatlen
> Assignee: Knut Anders Hatlen
> Priority: Minor
> Fix For: 10.6.0.0
>
> Attachments: comments.diff, derby-4483-1a.diff, derby-4483-1a.stat,
> derby-4483-2a.diff, derby-4483-2a.stat, experiment.diff, releaseNote.html,
> toHexByte.diff, upgrade-test.diff
>
>
> The BUILTIN authentication scheme protects the passwords by hashing them with
> the SHA-1 algorithm. It would be nice to have way to specify a different
> algorithm so that users can take advantage of new, stronger algorithms
> provided by their JCE provider if so desired.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
