Derby and Security

Derby can be deployed in a number of ways and in a number of different environments. The security needs of the Derby system are also diverse. Derby supplies or supports the following optional security mechanisms:

• User authentication

  Derby verifies user names and passwords before permitting them access to the Derby system. See Working with user authentication.

• User authorization

  A means of granting specific users permission to read a database or to write to a database. See User authorization.

• Disk encryption

  A means of encrypting Derby data stored on disk. See Encrypting databases on disk.

• Validation of Certificate for Signed Jar Files

  In a Java 2 environment, Derby validates certificates for classes loaded from signed jar files. See Signed jar files.

  Figure 1. Some of the Derby security mechanisms at work in a client/server environment
  
  
  Figure 2. Another Derby security mechanism, disk encryption, protects data when the recipient might not know how to protect data. It is useful for databases deployed in an embedded environment.
  
  

• Configuring security for your environment
  
• Working with user authentication
  Derby provides support for user authentication. User authentication means that Derby authenticates a user's name and password before allowing that user access to the system.
• Users and authorization identifiers
  
• User authorization
  
• Encrypting databases on disk
  Derby provides a way for you to encrypt your data on disk.
• Signed jar files
  
• Notes on the Derby security features
  
• User authentication and authorization examples
  
• Running Derby under a security manager
  When running within an application or application server with a Java 2 Security Manager enabled, Derby must be granted certain permissions to execute and access database files.