That is, a user name and password must be specified whenever a user connects
to a database, and object owners control access to database objects. See
for more information,
and see
for an example of the use of NATIVE
authentication.
For maximum security, the passwords that users specify when they connect to
databases have an expiration date that you can modify by using the property
derby.authentication.native.passwordLifetimeMillis. The
password of the
Database Owner never expires. By
default, ordinary user passwords expire after 31 days.
If a password is about to expire, or if the Database Owner's password is
near what would be the expiration date,
issues a warning that
the password will soon expire (or, in the Database Owner's case, that the
password is stale). By default, the warning is issued if the password is due to
expire in one-eighth of the password's lifetime. For example, if the password
has a 31-day lifetime, the warning will be issued 3.875 days before the
expiration date. You can change this proportion by using the property
derby.authentication.native.passwordLifetimeThreshold.
Use the derby.authentication.builtin.algorithm property to
change the way passwords are encrypted when they are stored in the SYSUSERS
system table. The default algorithm is SHA-256. Two related properties are
derby.authentication.builtin.saltLength and
derby.authentication.builtin.iterations, which can be used to
make the hashed passwords harder for attackers to crack.
See the for details on these
properties.