can be
deployed in a number of ways and in a number of different environments, ranging
from a single-user deployment for small-scale development and testing to a
multi-user deployment of a large database. For all but the smallest deployments,
however, it is essential to make the
system secure.
To secure a
database or databases, take the following steps.
- Understand the basic tasks involved in configuring security in a
client-server environment or an embedded environment.
See for details.
- Encrypt your databases.
provides ways to
encrypt data stored on disk.
For more information about encryption, see
.
- Sign any jar files that you use in your databases.
validates
certificates for classes loaded from signed jar files.
For more information about using signed jar files, see
.
- Encrypt network traffic with SSL/TLS.
SSL/TLS certificate authentication is also supported. See
for details.
- Understand the concept of identity in
.
See for details.
- Configure authentication by setting up users and passwords.
Authentication determines whether someone is a legitimate user; it establishes
a user's identity.
verifies user names and passwords before permitting access to the
system.
For more information about authentication, see
.
- Configure user authorization for the system.
Authorization determines which operations a user's identity is permitted to
perform. It grants users or roles permission to read a database or to write
to a database.
For more information about authorization, see
.
- If necessary, restrict database file access to the operating system account
that started the JVM.
For details, see .
See the for information about
many security-related properties and system procedures, as well as statements
such as GRANT, REVOKE, CREATE ROLE, DROP ROLE, CREATE PROCEDURE, and
CREATE FUNCTION.