In most cases, you enable Derby's security features through the use of properties. It is important to understand the best way of setting properties for your environment.
This discussion assumes a system with multiple databases and some administrative resources. For systems that have a single database and for which there are no administrative resources, follow the instructions in Configuring Security in an Embedded Environment.
See "System-Wide Properties" in Tuning Derby.
Provide administrative-level protection for the derby.properties file and Derby databases. For example, you can protect these files and directories with operating system permissions and firewalls.
All users must provide valid user IDs and passwords to access the Derby system. See Working with User Authentication for information.
If you are using Derby's built-in users, configure users for the system in the derby.properties file, and protect this file.
Only designated users will be able to access sensitive databases. You typically configure user authorization with database-level properties. See User Authorization for information. It is also possible to configure user authorization with system-level properties. This is useful when you are developing systems or when all databases have the same level of sensitivity.
In an embedded environment, typically there is only one database per system and there are no administrative resources to protect databases.
When you do this, these properties are stored in the database (which is encrypted). See "Database-Wide Properties" in Tuning Derby.
Do this by setting the derby.database.propertiesOnly property to true.
See Working with User Authentication for information.
See User Authorization for information.
Caveat for Configuring Security: Derby does not come with a built-in superuser. For that reason, be careful when configuring Derby for user authentication and user authorization.
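The following added example (not part of the Derby documentation or Derby's own code) audits a system-wide derby.properties file against the steps above and the superuser caveat: authentication required, built-in users defined, at least one full-access user who actually exists, and restrictive file permissions. The function names and the sample file are constructed for illustration; the property names other than derby.database.propertiesOnly do not appear on this page and are taken from Derby's standard property set.

```python
import os
import stat

def parse_properties(text):
    """Minimal reader for key=value / key:value lines; '#' and '!' start comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        for i, ch in enumerate(line):
            if ch in "=:":
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props

def names(value):
    # Simplification: unquoted user names are compared case-insensitively.
    return {n.strip().lower() for n in value.split(",") if n.strip()}

def audit(props, file_mode=None):
    """Return findings for a parsed derby.properties; file_mode is os.stat().st_mode."""
    findings = []
    users = {k[len("derby.user."):].lower() for k in props if k.startswith("derby.user.")}
    builtin = props.get("derby.authentication.provider", "").upper() == "BUILTIN"
    if props.get("derby.connection.requireAuthentication", "false").lower() != "true":
        findings.append("authentication not required")
    if builtin and not users:
        findings.append("BUILTIN provider but no derby.user.* entries")
    full = names(props.get("derby.database.fullAccessUsers", ""))
    mode = props.get("derby.database.defaultConnectionMode", "fullAccess").lower()
    if mode == "fullaccess":
        findings.append("default connection mode gives every user full access")
    elif not full:
        findings.append("no full-access user listed (Derby has no superuser)")
    # Assumes all built-in users live in this file, as in the system-wide setup.
    for name in sorted(full - users if builtin else ()):
        findings.append("full-access user '%s' has no derby.user entry" % name)
    if users and file_mode is not None and stat.S_IMODE(file_mode) & 0o077:
        findings.append("file holding passwords is accessible to group/others")
    return findings

def audit_file(path):
    with open(path, encoding="latin-1") as fh:
        return audit(parse_properties(fh.read()), os.stat(path).st_mode)

# Constructed sample, not from the Derby documentation: note the misspelled admin name.
SAMPLE = """\
derby.connection.requireAuthentication=true
derby.authentication.provider=BUILTIN
derby.user.dbadmin=example-password
derby.database.defaultConnectionMode=noAccess
derby.database.fullAccessUsers=dbadmn
"""
```

Run `audit_file` on the real file before restarting Derby with authentication enabled, so that a misspelled or missing full-access user is caught while the configuration can still be changed.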