User authentication differences

User authentication differences User authentication differencesand Network ServerNetwork Serveruser authentication andorg.apache.derby.jdbc.ClientDataSource.CLEAR_TEXT_PASSWORD_SECURITYSecurity propertiessupported by Network ServerNetwork Serversupported security propertiesorg.apache.derby.jdbc.ClientDataSource.USER_ONLY_SECURITY org.apache.derby.jdbc.ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY org.apache.derby.jdbc.ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY

When running in embedded mode or when using the Network Server, you can enable or disable server-side user authentication. However, when using the Network Server, the default security mechanism (CLEAR_TEXT_PASSWORD_SECURITY) requires that you supply both the user name and password.

In addition to the default user name and password security mechanism, org.apache.derby.jdbc.ClientDataSource.CLEAR_TEXT_PASSWORD_SECURITY, Network Server supports the following security properties:

UserID (org.apache.derby.jdbc.ClientDataSource.USER_ONLY_SECURITY)
When using this mechanism, you must specify only the user property. All other mechanisms require you to specify both the user name and the password.
Encrypted UserID and encrypted password (org.apache.derby.jdbc.ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY)
When using this mechanism, both password and user id are encrypted.
Strong password substitution (org.apache.derby.jdbc.ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY)
When using this mechanism, a strong password substitute is generated and used to authenticate the user with the network server. The original password is never sent in any form across the network.

The user's name that is specified upon connection is the default schema for the connection, if a schema with that name exists. See the for more information on schema and user names.

If you specify any other security mechanism, you will receive an exception.

To change the default, you can specify another security mechanism either as a property or on the URL (using the securityMechanism=value attribute) when making the connection. For details, see and "securityMechanism=value attribute" in the .

Whether the security mechanism you specify for the client actually takes effect depends upon the setting of the derby.drda.securityMechanism property for the Network Server. If the derby.drda.securityMechanism property is set, the Network Server accepts only connections that use the security mechanism specified by the property setting. If the derby.drda.securityMechanism property is not set, clients can use any valid security mechanism. For details, see .