NATIVE authentication and other database properties

NATIVE authentication and other database properties When NATIVE authentication is enabled, behaves as if the derby.connection.requireAuthentication and derby.database.sqlAuthorization properties are also set. user authenticationNATIVE authentication NATIVE authenticationand other database properties

That is, a user name and password must be specified whenever a user connects to a database, and object owners control access to database objects. See for more information, and see for an example of the use of NATIVE authentication.

For maximum security, the passwords that users specify when they connect to databases have an expiration date that you can modify by using the property derby.authentication.native.passwordLifetimeMillis. The password of the Database Owner never expires. By default, ordinary user passwords expire after 31 days.

If a password is about to expire, or if the Database Owner's password is near what would be the expiration date, issues a warning that the password will soon expire (or, in the Database Owner's case, that the password is stale). By default, the warning is issued if the password is due to expire in one-eighth of the password's lifetime. For example, if the password has a 31-day lifetime, the warning will be issued 3.875 days before the expiration date. You can change this proportion by using the property derby.authentication.native.passwordLifetimeThreshold.

Use the derby.authentication.builtin.algorithm property to change the way passwords are encrypted when they are stored in the SYSUSERS system table. The default algorithm is SHA-256. Two related properties are derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations, which can be used to make the hashed passwords harder for attackers to crack.

See the for details on these properties.