Configuring security in a client/server environment

This procedure requires a system with multiple databases and some administrative resources. For systems that have a single database and for which there are no administrative resources, follow the instructions in Configuring security in an embedded environment.

  1. Configure security features as system properties. See Tuning Derby.
  2. Provide administrative-level protection for the derby.properties file and Derby databases. For example, you can protect these files and directories with operating system permissions and firewalls.
  3. Turn on user authentication for your system. All users must provide valid user IDs and passwords to access the Derby system. See Working with user authentication for information. If you are using Derby's built-in users, configure users for the system in the derby.properties file. Provide the protection for this file.
  4. Configure user authorization for sensitive databases in your system. Only designated users will be able to access sensitive databases. You typically configure user authorization with database-level properties. See User authorization for information. It is also possible to configure user authorization with system-level properties. This is useful when you are developing systems or when all databases have the same level of sensitivity.