You incur a severe security risk by opening
up the server to all clients without limiting access via user authentication and
a security policy.
Use the -noSecurityManager option to force the Network
Server to come up without a security manager. For example:
java org.apache.derby.drda.NetworkServerControl start \
-h localhost -noSecurityManager