This guide includes the following two parts.
Part One: Introduction to database security
Describes the vulnerabilities and threats that databases face.
Describes the kinds of defenses that databases can use.
Shows how the defenses available to databases map to the threats that they face.
Describes important techniques for securing databases.
Provides a glossary of security terms used in this part.
Part Two: Configuring security for Derby
Lists basic tasks for configuring security in an embedded or client/server environment.
Explains how to encrypt Derby databases.
Explains how to use signed jar files in Derby databases.
Explains how to use SSL/TLS to encrypt network traffic in a client/server environment.
Describes the concepts of identity, users, and authorization identifiers in Derby.
Explains how to configure authentication, which determines whether someone is a legal user.
Explains how to configure authorization, which determines what operations can be performed by a user's identity.
Explains how to use a Java security manager with Derby.
Explains how to take advantage of file system protections.
Shows how to enable all the available Derby defenses.