Derby and Security
Derby can be
deployed in a number of ways and in a number of different environments. The
security needs of the Derby system
are also diverse.
Derby supplies or supports
the following optional security mechanisms:
- User authentication
user names and passwords before permitting them access to the Derby system.
- User authorization
A means of granting specific users permission
to read a database or to write to a database.
- Disk encryption
A means of encrypting Derby data
stored on disk.
- Validation of Certificate for Signed Jar Files
In a Java 2
environment, Derby validates
certificates for classes loaded from signed jar files.
Figure 1. Some of the Derby security
mechanisms at work in a client/server environment
Figure 2. Another Derby security
mechanism, disk encryption, protects data when the recipient might not know
how to protect data. It is useful for databases deployed in an embedded environment.
- Configuring security for your environment
In most cases, you enable Derby's security features through the use of properties. It is important to understand the best way of setting properties for your environment.
- Working with user authentication
Derby provides support for user authentication. User authentication means that Derby authenticates the name and password for a user before allowing that user access to the system.
- Users and authorization identifiers
User names within the Derby system are known as authorization identifiers. The authorization identifier is a string that represents the name of the user, if one was provided in the connection request.
- User authorizations
When you specify user authorizations, Derby verifies that a user has been granted permission to access a system, database, object, or SQL action.
- Encrypting databases on disk
Derby provides a way for you to encrypt your data on disk.
- Signed jar files
In a Java 2 environment, Derby can detect digital signatures on jar files. When attempting to load a class from a signed jar file stored in the database, Derby will verify the validity of the signature.
- Notes on the Derby security features
TheDerby security model has some basic limitations.
- User authentication and authorization examples
This section provides examples on using user authentication and authorization in Derby in either a client/server environment or in an embedded environment.
- Running Derby under a security manager
When running within an application or application server with a Java 2 Security Manager enabled, Derby must be granted certain permissions to execute and access database files.