Flash (Alert)
Abstract
SECURITY: JDBC DRIVER SENDS UNENCRYPTED PASSWORD OVER THE NETWORK EVEN WHEN SECURITY=PASSWORD OPTION IS USED
Content
PROBLEM
When a JDBC connection was configured to use SPWDCSM, the driver exposed the password in the clear as well as sending it encrypted. The issue has been fixed in JDBC 3.50.JC3R1. The password will only be sent encrypted.
CAUSE
This is a known product defect. The APAR number is IC60421.
Important: This is only one possible cause of the problem. If this document does not provide you with a solution to your problem, you should search for other documents that refer to this topic.
SCOPE
The following products and operating systems are affected:
|
Product Name
|
Product Version(s)
|
Hardware Vendor
|
Operating System
|
|
JDBC Driver
|
|
All
|
All
|
SOLUTION
IBM customers can obtain information about reported Informix APARs from any of the Informix Product Support Centers. To access one of the Informix Product Support Centers, visit the following Informix Product Family Support page.
|
If you have
|
Then download
|
|
|
Click here for download information.
If you are interested in learning more about Authorized Program Analysis Reports, review the following Technote, Informix APAR Information.
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.