Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0044832 | Openbravo ERP | A. Platform | public | 2020-08-17 16:40 | 2020-08-28 12:08 |
|
| Reporter | shuehner | |
| Assigned To | cberner | |
| Priority | normal | Severity | major | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | | |
| Target Version | PR20Q4 | Fixed in Version | PR20Q4 | |
| Merge Request Status | |
| Review Assigned To | caristu |
| OBNetwork customer | |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0044832: Support SCRAM authentication with PostgreSQL database by updating jdbc driver to version supporting it |
| Description | PostgreSQL 11 added new form of password authentication (database passwords themselves) called SCRAM-SHA-256
https://www.postgresql.org/docs/11/auth-password.html [^]
Trying this with current master again PostgreSQL 12
fails with
org.postgresql.util.PSQLException: SCRAM authentication is not supported by this driver. You need JDK >= 8 and pgjdbc >= 42.2.0 (not ".jre" vesions)
|
| Steps To Reproduce | Configure PostgreSQL i.e. 12 with following change
password_encryption = scram-sha-256
After that change change the 'postgres' user password to save it inside postgres with the new system active.
Now run 'ant create.database' with this postgres and see following error:
/home/huehner/ob/branches/pi_scram_pg/src-db/database/build-create.xml:104: org.postgresql.util.PSQLException: SCRAM authentication is not supported by this driver. You need JDK >= 8 and pgjdbc >= 42.2.0 (not ".jre" vesions)
|
| Proposed Solution | Update jdbc driver to the latest version available and test that above feature works properly.
|
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | related to | defect | 0044905 | | closed | cberner | Openbravo ERP | Update postgres driver to support scram encryption in backoffice-test | | related to | defect | 0044906 | | closed | cberner | Retail Modules | Update PostgreSQL driver to support SCRAM encryption in mobile-test | | related to | defect | 0046847 | | closed | alostale | Openbravo ERP | Fix support for SCRAM authentication with PostgreSQL database by updating jdbc driver to version supporting it (again) |
|
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2020-08-17 16:40 | shuehner | New Issue | |
| 2020-08-17 16:40 | shuehner | Assigned To | => cberner |
| 2020-08-17 16:40 | shuehner | Modules | => Core |
| 2020-08-17 16:40 | shuehner | Triggers an Emergency Pack | => No |
| 2020-08-17 16:41 | shuehner | Note Added: 0122103 | |
| 2020-08-19 14:46 | hgbot | Note Added: 0122181 | |
| 2020-08-20 11:22 | cberner | Status | new => scheduled |
| 2020-08-20 11:23 | cberner | Review Assigned To | => caristu |
| 2020-08-25 11:18 | hgbot | Note Added: 0122346 | |
| 2020-08-25 11:18 | hgbot | Resolution | open => fixed |
| 2020-08-25 11:18 | hgbot | Status | scheduled => closed |
| 2020-08-25 11:18 | hgbot | Fixed in Version | => PR20Q4 |
| 2020-08-25 11:18 | hgbot | Note Added: 0122347 | |
| 2020-08-27 08:23 | cberner | Relationship added | related to 0044905 |
| 2020-08-27 08:34 | cberner | Relationship added | related to 0044906 |
| 2020-08-28 12:08 | hgbot | Note Added: 0122420 | |
| 2021-05-26 16:31 | shuehner | Relationship added | related to 0046847 |
|
Notes |
|
|
|
|
Note that while we already have 42.2.2 in core since 38269 we used '.jre7' version of the jar file which apparently is not good enough. |
|
|
|
(0122181)
|
|
hgbot
|
|
2020-08-19 14:46
|
|
|
|
|
(0122346)
|
|
hgbot
|
|
2020-08-25 11:18
|
|
|
|
|
(0122347)
|
|
hgbot
|
|
2020-08-25 11:18
|
|
Directly closing issue as related merge request is already approved.
Repository: https://gitlab.com/openbravo/product/openbravo [^]
Changeset: 08236f77d7d1d46744cafd19395e4733bff24bcd
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 2020-08-25T08:58:03+00:00
URL: https://gitlab.com/openbravo/product/openbravo/-/commit/08236f77d7d1d46744cafd19395e4733bff24bcd [^]
Fixes ISSUE-44832: Update postgresql driver to support scram password encrypt
Postgresql version >= 42.2.x is needed to support scram-sha-256 postgres
password encryption. This exists since postgres 11 and it requires
updating the client driver. Note, jre7 42.2.2 version didn't have this
feature included.
This updated driver also fixes several security issues and vulnerabilities.
Updated postgresql driver 42.2.2.jre7 -> 42.2.16
---
A lib/runtime/postgresql-42.2.16.jar
M build.xml
M legal/Licensing.txt
R lib/runtime/postgresql-42.2.2.jre7.jar
---
|
|
|
|
(0122420)
|
|
hgbot
|
|
2020-08-28 12:08
|
|
|