For that reason, the application developer has decided to encrypt
the database and to turn on user authentication using 's
built-in user authentication, which will not require connections to an LDAP
server. The end-user must know the bootPassword to boot the database
and the user name and password to connect to the database. Even if the database
ended up in an e-mail, only the intended recipient would be able to access
data in the database. The application developer has decided not to use any
user authorization features, since each database will accept only a single
user. In that situation, the default full-access connection mode is acceptable.
's
built-in authentication mechanism is suitable only for development and testing
purposes. It is strongly recommended that production systems rely on LDAP or a
user-defined class for authentication. It is also strongly recommended that
production systems protect network connections with SSL/TLS.
When creating the database, the application developer encrypts
the database by using the following connection URL:
jdbc:derby:wombat;create=true;dataEncryption=true;
bootPassword=sxy90W348HHn
Before deploying the database, the application developer turns
on user authentication, sets the authentication provider to BUILTIN, creates
a single user and password, and disallows system-wide properties to protect
the database-wide security property settings:
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
'derby.connection.requireAuthentication', 'true')
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
'derby.authentication.provider', 'BUILTIN')
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
'derby.user.enduser', 'red29PlaNe')
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
'derby.database.propertiesOnly', true')
When the user connects (and boots) the database, the user has
to provide the bootPassword, the user name, and the password. The following
example shows how to provide those in a connection URL, although the application
programmer would probably provide GUI windows to allow the end user to type
those in:
jdbc:derby:wombat;bootPassword=sxy90W348HHn;
user=enduser;password=red29PlaNe