Network Server security

By default, the Derby Network Server listens only on the localhost. Clients must use the localhost host name to connect.

By default, clients cannot access the Network Server from another host. To enable connections from other hosts, set the derby.drda.host property, or start the Network Server with the -h option in the java org.apache.derby.drda.NetworkServerControl start command.

In the following example, the server will listen only on the localhost, and clients cannot access the server from another host:

java org.apache.derby.drda.NetworkServerControl start

In the following example, the server runs on the host machine sampleserver.example.com and also listens for clients from other hosts. Clients must specify the server in the URL or DataSource as sampleserver.example.com:

java org.apache.derby.drda.NetworkServerControl start -h sampleserver.example.com

To start the Network Server so that it will listen on all interfaces, start with an IP address of 0.0.0.0, as shown in the following example:

java org.apache.derby.drda.NetworkServerControl start -h 0.0.0.0

A server that is started with the -h 0.0.0.0 option will listen for client requests that originate both from localhost and from other machines on the network.

However, administrative commands (for example, org.apache.derby.drda.NetworkServerControl shutdown) can run only on the host where the server was started, even if the server was started with the -h option.
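To confirm which of the three bind modes above a running server actually ended up with, the host's listener table can be classified. The following is an added example, not part of the Derby documentation or code; it assumes Linux ss -ltn output and Derby's default port 1527 (not stated on this page), and the sample lines and the address 192.0.2.10 are constructed.

```shell
#!/bin/sh
# Added example (not Derby code). Classifies how a listener on the Network
# Server port is bound. 1527 is Derby's default port (not stated on this page).
# Live use on Linux:  ss -ltn | classify_derby_bind 1527

classify_derby_bind() {
    port="${1:-1527}"
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4
            pos = match(addr, /:[0-9]+$/)        # last colon separates the port
            if (pos == 0 || substr(addr, pos + 1) != port) next
            host = substr(addr, 1, pos - 1)
            gsub(/^\[|\]$/, "", host)            # [::1] -> ::1
            sub(/^::ffff:/, "", host)            # IPv4-mapped form a JVM socket may show
            found = 1
            if (host == "*" || host == "0.0.0.0" || host == "::") all = 1
            else if (host ~ /^127\./ || host == "::1") loopback = 1
            else specific = 1
        }
        END {
            if (!found)        print "not-listening"
            else if (all)      print "all-interfaces"   # started with -h 0.0.0.0
            else if (specific) print "specific-host"    # started with -h <host>
            else               print "loopback-only"    # default start
        }'
}

# Constructed ss -ltn samples, one per start command shown on this page.
sample_default() { cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port          Peer Address:Port
LISTEN 0      128    0.0.0.0:22                  0.0.0.0:*
LISTEN 0      50     [::ffff:127.0.0.1]:1527     *:*
EOF
}
sample_host() { cat <<'EOF'
LISTEN 0      50     192.0.2.10:1527             0.0.0.0:*
EOF
}
sample_all() { cat <<'EOF'
LISTEN 0      50     *:1527                      *:*
EOF
}

for s in sample_default sample_host sample_all; do
    printf '%s: %s\n' "$s" "$("$s" | classify_derby_bind 1527)"
done
```

A result of all-interfaces takes precedence over the others, so a host with several listeners on the port is reported by its widest exposure.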
