[jira] Updated: (DERBY-4483) Provide a way to change the hash algorithm used by BUILTIN authentication

Wed, 24 Mar 2010 06:16:52 -0700 

     [ 
https://issues.apache.org/jira/browse/DERBY-4483?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Knut Anders Hatlen updated DERBY-4483:
--------------------------------------

    Attachment: errormsg.diff

Thanks for the suggestions about the error message. That sounds like a good 
idea. The attached patch (errormsg.diff) makes 
BasicAuthenticationServiceImpl.authenticateUser() raise an exception with a 
custom error message if strong password substitution is enabled. Now it will 
look this on the client:

ERROR 08004: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08004, SQLERRMC: 
Connection authentication failure occurred. Either the supplied credentials 
were invalid, or the database uses a password encryption scheme which is not 
compatible with the strong password substitution security mechanism. If this 
error started after upgrade, refer to the release note for DERBY-4483 for 
options.

I think this patch could go in independently of the patch that changes the 
default, if the wording in the new message sounds OK.

> Provide a way to change the hash algorithm used by BUILTIN authentication
> -------------------------------------------------------------------------
>
>                 Key: DERBY-4483
>                 URL: https://issues.apache.org/jira/browse/DERBY-4483
>             Project: Derby
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 10.5.3.0
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>            Priority: Minor
>             Fix For: 10.6.0.0
>
>         Attachments: comments.diff, derby-4483-1a.diff, derby-4483-1a.stat, 
> derby-4483-2a.diff, derby-4483-2a.stat, errormsg.diff, experiment.diff, 
> releaseNote.html, toHexByte.diff, upgrade-test.diff
>
>
> The BUILTIN authentication scheme protects the passwords by hashing them with 
> the SHA-1 algorithm. It would be nice to have way to specify a different 
> algorithm so that users can take advantage of new, stronger algorithms 
> provided by their JCE provider if so desired.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to