Derby defenses against threats

Derby provides numerous defenses against security threats.

These defenses are described in the following table.

Table 1. Derby defenses
| Defense | Task Owner | Description |
|---|---|---|
| Java security | System Administrator | Using a Java SecurityManager and policy file, the System Administrator can restrict the permissions granted to user-written code. The System Administrator can also restrict the permissions granted to Derby itself. |
| SSL/TLS | System Administrator | The System Administrator can require that SSL/TLS be used to encrypt network traffic between Derby clients and servers, along the way raising an extra authentication hurdle. |
| Encryption | Database Owner | A Database Owner can require that the data for an application be encrypted before being stored on disk. This makes it expensive to steal and corrupt the data. |
| Authentication | Database Owner | Using usernames and passwords, a Database Owner can restrict access to an application's data. |
| Coarse-grained authorization | Database Owner | A Database Owner can divide an application's users into three groups: those with no privileges, those with read-only privileges, and those with read-write privileges. |
| Fine-grained SQL authorization | Database Owner | By using SQL GRANT and REVOKE statements, a Database Owner can further restrict access to fine-grained pieces of data and code. |
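
The two authorization rows of the table, shown as statements a Database Owner could run in ij. This is an added example, not part of the original page. The user names (writer, reporter) and the orders table are constructed for illustration, and the example assumes authentication is already enabled and those users exist.

```sql
-- Coarse-grained authorization: sort users into the three groups.
-- Name the read-write and read-only users first, then make "no access"
-- the default so that every unlisted user is refused a connection.
-- A user may appear in only one of the two lists.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.fullAccessUsers', 'writer');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.readOnlyAccessUsers', 'reporter');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.defaultConnectionMode', 'noAccess');

-- Fine-grained SQL authorization: turn on GRANT/REVOKE enforcement.
-- Once set to true, this property cannot be set back to false.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.sqlAuthorization', 'true');

-- Shut down and reboot the database, reconnect as the Database Owner,
-- and then run the statements below (GRANT is rejected until SQL
-- authorization is in effect).

-- Constructed sample table.
CREATE TABLE orders (
    id         INT PRIMARY KEY,
    customer   VARCHAR(64),
    card_last4 CHAR(4)
);

-- With SQL authorization on, other users start with no privileges on
-- this table. Grant only what each role needs.
-- reporter may read two columns, but not card_last4.
GRANT SELECT (id, customer) ON TABLE orders TO reporter;

-- writer may read and add rows.
GRANT SELECT, INSERT ON TABLE orders TO writer;
GRANT UPDATE ON TABLE orders TO writer;

-- Withdraw a privilege that is no longer needed.
REVOKE UPDATE ON TABLE orders FROM writer;
```

Both layers apply together: reporter is limited to read-only connections by the coarse-grained setting and, within that, to the granted columns.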
Related concepts
Defenses outside of Derby