In an embedded environment, typically there is only one database per system
and there are no administrative resources to protect databases.
Encrypt the database when you create it.
Configure all security features as database-level properties. These properties
are stored in the database (which is encrypted). See Tuning Derby.
Turn on protection for database-level properties so that they cannot be
overridden by system properties by setting the derby.database.propertiesOnly property to TRUE.
To prevent unauthorized users from accessing databases once they are booted,
turn on user authentication for the database and configure user authorization
for the database. See Working with user authentication and User authorization for more information.
If you are using Derby's built-in users, configure each user
as a database-level property so that user names and passwords can be encrypted.