Copyright
License
About this guide
Purpose of this guide
Audience
How this guide is organized
Part One: Introduction to database security
Why databases need security
Vulnerabilities of unsecured databases
Threats to unsecured databases
Defenses against security threats
Derby defenses against threats
Defenses outside of Derby
Defenses mapped to threats
Designing safer Derby applications
Security terminology
Part Two: Configuring security for Derby
Basic security configuration tasks
Configuring security in an embedded environment
Configuring security in a client/server environment
Network Server security
Configuring database encryption
Requirements for Derby encryption
Working with encryption
Encrypting databases on creation
Encrypting an existing unencrypted database
Creating a boot password
Specifying an alternate encryption provider
Specifying an alternate encryption algorithm
Encrypting databases with a new key
Encrypting databases with a new boot password
Encrypting databases with a new external encryption key
Booting an encrypted database
Decrypting an encrypted database
Using signed jar files
Configuring SSL/TLS
Creating a client key pair and certificate
Creating a server key pair and certificate
Importing certificates
Booting the server and connecting to it
Key and certificate handling
Starting the server with SSL/TLS
Running the client with SSL/TLS
Other server commands
Understanding identity in Derby
Users and authorization identifiers
Authorization identifiers, user authentication, and user authorization
User names and schemas
Exceptions when using authorization identifiers
Database Owner
Configuring user authentication
Configuring LDAP authentication
Booting an LDAP server
Setting up Derby to use your LDAP directory service
Guest access to search for DNs
LDAP performance issues
LDAP restrictions
JNDI-specific properties for external directory services
Configuring NATIVE authentication
Enabling NATIVE authentication explicitly
Working with a credentials database
NATIVE authentication and other database properties
Managing users and passwords
Converting an existing database to use NATIVE authentication
Specifying authentication with a user-defined class
Example of setting a user-defined class
List of user authentication properties
Programming applications for Derby user authentication
Login failure exceptions with user authentication
Configuring Network Server authentication in special circumstances
Configuring Network Client authentication without SSL/TLS
Configuring Network Server authentication without SSL/TLS
Configuring user authorization
Configuring coarse-grained user authorization
Read-only and full access permissions
Setting the default connection access mode
User authorization exceptions
Configuring fine-grained user authorization
Using fine-grained user authorization
Privileges on views, triggers, constraints, and generated columns
Using SQL roles
Upgrading an old database to use SQL standard authorization
SQL standard authorization exceptions
NATIVE authentication and SQL authorization example
Configuring Java security
Basic security policy template
Sample customized Java security policy file
Using a Java security policy file
Running embedded Derby with a security manager
Running the Network Server with a security manager
Running the Network Server without a security manager
Restricting file permissions
Putting it all together
Starting a secured Network Server
Creating and using a secure database
Stopping the secured Network Server
Trademarks