SECURITY: JDBC DRIVER EXPOSES PASSWORD

Flash (Alert)


Abstract

SECURITY: JDBC DRIVER SENDS UNENCRYPTED PASSWORD OVER THE NETWORK EVEN WHEN SECURITY=PASSWORD OPTION IS USED

Content


PROBLEM

When a JDBC connection was configured to use SPWDCSM, the driver exposed the password in the clear as well as sending it encrypted. The issue has been fixed in JDBC 3.50.JC3R1. The password will only be sent encrypted.


CAUSE

This is a known product defect. The APAR number is IC60421.

Important: This is only one possible cause of the problem. If this document does not provide you with a solution to your problem, you should search for other documents that refer to this topic.


SCOPE

The following products and operating systems are affected:

Product Name
Product Version(s)
Hardware Vendor
Operating System
JDBC Driver
  • 3.50.JC3 or lower
  • All
    All


    SOLUTION

    IBM customers can obtain information about reported Informix APARs from any of the Informix Product Support Centers. To access one of the Informix Product Support Centers, visit the following Informix Product Family Support page.

    If you have
    Then download
    • JDBC 3.50.JC3 or below
    • JDBC 3.50.JC3R1 or above

    Click here for download information.

    If you are interested in learning more about Authorized Program Analysis Reports, review the following Technote, Informix APAR Information.

    Rate this page:

    (0 users)Average rating

    Add comments

    Document information


    More support for:

    Informix Tools
    Informix JDBC

    Software version:

    3.5

    Operating system(s):

    AIX, DYNIX/ptx, Digital Unix (OSF1)(TRU64), HP-UX, IRIX, Linux, Mac OS X, Reliant UNIX, Sinix, Solaris, Windows

    Reference #:

    1381435

    Modified date:

    2009-04-01

    Translate my page

    Machine Translation

    Content navigation