Network client security

The Derby Network Client allows you to select a security mechanism by specifying a value for the securityMechanism property.

You can set the securityMechanism property in one of the following ways:

When you are using the DriverManager interface, set securityMechanism in a java.util.Properties object before you invoke the form of the getConnection method, which includes the java.util.Properties parameter.
When you are using the DataSource interface to create and deploy your own DataSource objects, invoke the DataSource.setSecurityMechanism method after you create a DataSource object.

Security mechanisms supported by the Derby Network Client lists the security mechanisms that the Derby Network Client supports, and the corresponding property value to specify to obtain this securityMechanism. The default security mechanism is the user id only if no password is set. If the password is set, the default security mechanism is both the user id and password. The default user is APP if no other user is specified.

Table 1. Security mechanisms supported by the Derby Network Client
Security mechanism	securityMechanism property value	Comments
User id and password	ClientDataSource.CLEAR_TEXT_PASSWORD_SECURITY (0x03)	Default if password is set
User id only	ClientDataSource.USER_ONLY_SECURITY (0x04)	Default if password is not set
Strong password substitution	ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY (0x08)	Strong password substitution can be used only with Derby's BUILTIN authentication mechanism or with authentication disabled. Also, for the BUILTIN mechanism, strong password substitution does not work for database-level users whose password has been protected by a custom message digest algorithm specified by the derby.authentication.builtin.algorithm property.
Encrypted user id and encrypted password	ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY (0x09)	Encryption requires a JCE implementation that supports the Diffie-Hellman algorithm with a public prime of 256 bits.