  • Copyright
  • License
  • About this guide
    • Purpose of this guide
    • Audience
    • How this guide is organized
  • Part One: Introduction to database security
    • Why databases need security
      • Vulnerabilities of unsecured databases
      • Threats to unsecured databases
    • Defenses against security threats
      • Derby defenses against threats
      • Defenses outside of Derby
    • Defenses mapped to threats
    • Designing safer Derby applications
    • Security terminology
  • Part Two: Configuring security for Derby
    • Basic security configuration tasks
      • Configuring security in an embedded environment
      • Configuring security in a client/server environment
        • Network Server security
    • Configuring database encryption
      • Requirements for Derby encryption
      • Working with encryption
        • Encrypting databases on creation
        • Encrypting an existing unencrypted database
        • Creating a boot password
          • Specifying an alternate encryption provider
          • Specifying an alternate encryption algorithm
        • Encrypting databases with a new key
          • Encrypting databases with a new boot password
          • Encrypting databases with a new external encryption key
        • Booting an encrypted database
        • Decrypting an encrypted database
    • Using signed jar files
    • Configuring SSL/TLS
      • Creating a client key pair and certificate
      • Creating a server key pair and certificate
      • Importing certificates
      • Booting the server and connecting to it
      • Key and certificate handling
      • Starting the server with SSL/TLS
      • Running the client with SSL/TLS
      • Other server commands
    • Understanding identity in Derby
      • Users and authorization identifiers
        • Authorization identifiers, user authentication, and user authorization
        • User names and schemas
        • Exceptions when using authorization identifiers
      • Database Owner
    • Configuring user authentication
      • Configuring LDAP authentication
        • Booting an LDAP server
        • Setting up Derby to use your LDAP directory service
        • Guest access to search for DNs
        • LDAP performance issues
        • LDAP restrictions
        • JNDI-specific properties for external directory services
      • Configuring NATIVE authentication
        • Enabling NATIVE authentication explicitly
        • Working with a credentials database
        • NATIVE authentication and other database properties
        • Managing users and passwords
        • Converting an existing database to use NATIVE authentication
      • Specifying authentication with a user-defined class
        • Example of setting a user-defined class
      • List of user authentication properties
      • Programming applications for Derby user authentication
      • Login failure exceptions with user authentication
      • Configuring Network Server authentication in special circumstances
        • Configuring Network Client authentication without SSL/TLS
        • Configuring Network Server authentication without SSL/TLS
    • Configuring user authorization
      • Configuring coarse-grained user authorization
        • Read-only and full access permissions
        • Setting the default connection access mode
        • User authorization exceptions
      • Configuring fine-grained user authorization
        • Using fine-grained user authorization
        • Privileges on views, triggers, constraints, and generated columns
        • Using SQL roles
        • Upgrading an old database to use SQL standard authorization
        • SQL standard authorization exceptions
        • NATIVE authentication and SQL authorization example
    • Configuring Java security
      • Basic security policy template
      • Sample customized Java security policy file
      • Using a Java security policy file
      • Running embedded Derby with a security manager
      • Running the Network Server with a security manager
      • Running the Network Server without a security manager
    • Restricting file permissions
    • Putting it all together
      • Starting a secured Network Server
      • Creating and using a secure database
      • Stopping the secured Network Server
  • Trademarks