authenticating based on passwords stored in the catalog

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

authenticating based on passwords stored in the catalog

John Sichi
This is one last feature which is squeaking into 0.9.2.

Up until now, enabling  authentication required plugging in a JAAS login
module for some external authentication system.  The corresponding
framework wiki page now covers both JAAS-based and catalog-based

Plaintext passwords will not actually be stored, just SHA-256 digests.
There are lots of potential enhancements here (e.g. PostgreSQL does
stuff like salt, and client-side encryption for passwords so that they
are pre-encrypted going over the wire) , but we're going to start it off
  as barebones and then improve it over time.

The change will be entirely additive (i.e. to start using the new
feature, you have to start using the new CREATE USER syntax, and if you
  don't, existing extensions and deployments continue to work as is).


Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
luciddb-users mailing list
[hidden email]