Derby and Security

Derby and Security can be deployed in a number of ways and in a number of different environments. The security needs of the system are also diverse. user authenticationdefinition authenticationdefinitiondisk encryptionencrypting databases

supplies or supports the following optional security mechanisms:

User authentication
verifies user names and passwords before permitting them access to the system.
User authorization
A means of granting specific users permission to read a database or to write to a database.
Disk encryption
A means of encrypting data stored on disk.
Validation of Certificate for Signed Jar Files
In a Java 2 environment, validates certificates for classes loaded from signed jar files.
Network encryption and authentication
network traffic may be encrypted with SSL/TLS. SSL/TLS certificate authentication is also supported. See "Network encryption and authentication with SSL/TLS" in the for details.

The following figure shows some of the security mechanisms at work in a client/server environment. User authentication is performed by accessing an LDAP Directory Service. The data in the database is not encrypted in this trusted environment.Example of using an LDAP Directory Service in a trusted environment. This figure shows user authentication from an LDAP directory service to the Derby engine and user authorization to read and write data. The Derby database is a trusted environment and the data is not encrypted.

The following figure shows how another security mechanism, disk encryption, protects data when the recipient might not know how to protect data. It is useful for databases deployed in an embedded environment.Example of using disk encryption to protect data. This figure shows disk encryption between the Derby engine and the database.