The following tips should help you write and deploy safer
applications that use Derby.
- Create a launch account: Create an operating system account for the System Administrator. This will be the account that launches Derby. This account should not be the operating system's superuser.
- Limit file permissions: Limit the file permissions of this System
Administrator account to just the directories that the application should be
allowed to read and write. Do not grant read or write access on these
directories to any other operating system accounts.
- Create a policy file: Write your own Java Security policy that restricts the directories that Derby can access and the sockets on which it can accept connections. See Configuring Java security for more information.
- Prevent JDBC leaks: Do not let JDBC connections leak outside your intranet's firewall. If possible, design your application so that external clients talk to an application server, which in turn communicates with Derby. Limit JDBC connections to communication between the application server and Derby, so that no external client ever holds a direct JDBC connection to the database.
- Protect against injection: Do not construct queries by concatenating strings that are filled in by clients. To parameterize your queries, use JDBC ? parameters in PreparedStatements; a value bound to a ? parameter is sent as data and is never parsed as part of the SQL text.
- Deploy your shields: By default, enable all defenses mentioned in
this section. If you need to turn off a defense for performance reasons, then
carefully consider how you will protect your application from the threats which
that defense parries.
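The injection point above, shown as an added example rather than code from the Derby documentation. It assumes the Derby embedded driver (derby.jar) is on the classpath and uses an in-memory database (the jdbc:derby:memory: subprotocol) so it runs without touching the file system; the table, rows and attacker input are constructed for the demonstration. The string-concatenated query returns every row when given a crafted name, while the PreparedStatement with a ? parameter returns none, because the bound value is treated purely as data.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class DerbyInjectionExample {

    // VULNERABLE: client-controlled text is spliced into the SQL itself.
    static String buildUnsafeQuery(String userName) {
        return "SELECT id, email FROM users WHERE name = '" + userName + "'";
    }

    // SAFE: the SQL is fixed; the client value is bound to a ? parameter.
    static PreparedStatement prepareLookup(Connection conn, String userName)
            throws SQLException {
        PreparedStatement ps = conn.prepareStatement(
                "SELECT id, email FROM users WHERE name = ?");
        ps.setString(1, userName); // sent as data, never parsed as SQL
        return ps;
    }

    // Counts rows in a result set (helper for the demonstration).
    static int countRows(ResultSet rs) throws SQLException {
        int n = 0;
        while (rs.next()) {
            n++;
        }
        return n;
    }

    public static void main(String[] args) throws SQLException {
        // Constructed attacker input: closes the quoted literal and
        // appends a condition that is always true.
        String attackerInput = "nobody' OR '1'='1";

        // In-memory database, assumed to be created fresh for this run.
        String url = "jdbc:derby:memory:injectionDemo;create=true";
        try (Connection conn = DriverManager.getConnection(url)) {
            try (Statement st = conn.createStatement()) {
                st.executeUpdate("CREATE TABLE users ("
                        + "id INT, name VARCHAR(50), email VARCHAR(100))");
                st.executeUpdate("INSERT INTO users VALUES "
                        + "(1, 'alice', 'alice@example.com'), "
                        + "(2, 'bob', 'bob@example.com')");
            }

            // Concatenation: the injected OR clause matches both rows.
            String unsafeSql = buildUnsafeQuery(attackerInput);
            try (Statement st = conn.createStatement();
                 ResultSet rs = st.executeQuery(unsafeSql)) {
                System.out.println("concatenated query: " + unsafeSql);
                System.out.println("rows returned: " + countRows(rs));
            }

            // Parameterized: no user is literally named "nobody' OR '1'='1".
            try (PreparedStatement ps = prepareLookup(conn, attackerInput);
                 ResultSet rs = ps.executeQuery()) {
                System.out.println("parameterized query rows returned: "
                        + countRows(rs));
            }
        }
    }
}
```

Run it with derby.jar on the classpath; the concatenated form reports both rows, the parameterized form reports zero. The same rule applies to identifiers and clauses that cannot be parameterized (table names, ORDER BY columns): those must be chosen from a fixed allow-list in the application, never taken from the client.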