Configuring Network Client authentication without SSL/TLS If you do not encrypt network traffic with SSL/TLS, you can use properties to specify the encryption of user names and passwords on the client side. Network Client security Using SSL/TLS is strongly recommended for production applications. Use the properties only under unusual circumstances.

The securityMechanism=value property specifies a security mechanism for the Network Client. See the for details on this property.

You can set the securityMechanism property in one of the following ways:

The following table lists the security mechanisms that the Network Client supports, and the corresponding property value to specify to obtain this security mechanism. The default security mechanism is the user id only if no password is set. If the password is set, the default security mechanism is both the user id and password. The default user is APP if no other user is specified.

Security mechanisms supported by the <ph conref="../conrefs.dita#prod/productshortname"></ph> Network ClientThis table lists, describes, and provides additional information about network client security mechanisms. Security Mechanism securityMechanism Property Value Comments User id and password ClientDataSource.CLEAR_TEXT_PASSWORD_SECURITY (0x03) Default if password is set User id only ClientDataSource.USER_ONLY_SECURITY (0x04) Default if password is not set Encrypted user id and encrypted password ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY (0x09) Encryption requires a JCE implementation that supports the Diffie-Hellman algorithm with a public prime of 256 bits.

provides two ClientDataSource implementations. Use the org.apache.derby.jdbc.ClientDataSource class on all supported Java SE versions except Java SE 8 Compact Profile 2. On Java SE 8 Compact Profile 2, use the org.apache.derby.jdbc.BasicClientDataSource40 class.