Part Two: Configuring security for Derby

This part of the manual describes the specific tasks involved in securing Derby databases.

Derby can be deployed in a number of ways and in a number of different environments, ranging from a single-user deployment for small-scale development and testing to a multi-user deployment of a large database. For all but the smallest deployments, however, it is essential to make the Derby system secure.

To secure a Derby database or databases, take the following steps.

Understand the basic tasks involved in configuring security in a client-server environment or an embedded environment.
See Basic security configuration tasks for details.
Encrypt your databases.
Derby provides ways to encrypt data stored on disk.

For more information about encryption, see Configuring database encryption.
Sign any jar files that you use in your databases.
Derby validates certificates for classes loaded from signed jar files.

For more information about using signed jar files, see Using signed jar files.
Encrypt network traffic with SSL/TLS.
SSL/TLS certificate authentication is also supported. See Configuring SSL/TLS for details.
Understand the concept of identity in Derby.
See Understanding identity in Derby for details.
Configure authentication by setting up users and passwords.
Authentication determines whether someone is a legal user. It establishes a user's identity. Derby verifies user names and passwords before permitting access to the Derby system.

For more information about authentication, see Configuring user authentication.
Configure user authorization for the system.
Authorization determines what operations can be performed by a user's Derby identity. Authorization grants users or roles permission to read a database or to write to a database.

For more information about authorization, see Configuring user authorization.
Customize the default security policy.
For details, see Configuring Java security.
If necessary, restrict database file access to the operating system account that started the JVM.
For details, see Restricting file permissions.

See the Derby Reference Manual for information about many security-related properties and system procedures, as well as such statements as GRANT, REVOKE, CREATE ROLE, DROP ROLE, CREATE PROCEDURE, and CREATE FUNCTION.

Basic security configuration tasks
In most cases, you enable Derby security features through the use of properties. It is important to understand the best way to set properties for your environment.
Configuring database encryption
Derby provides a way for you to encrypt your data on disk.
Using signed jar files
In a Java SE environment, Derby can detect digital signatures on jar files. When attempting to load a class from a signed jar file stored in the database, Derby will verify the validity of the signature.
Configuring SSL/TLS
By default, network traffic travels in cleartext between Derby clients and servers.
Understanding identity in Derby
Derby provides two kinds of identity, system-wide identity and database-specific identity.
Configuring user authentication
By default, Derby runs without any credentials checking. This situation may be fine for many shrink-wrapped, embedded applications. However, it means that anyone can connect to an unsecured database and steal or corrupt the data there. Fortunately, it's easy to frustrate these attacks by requiring authentication.
Configuring user authorization
While authentication determines whether someone is a legal database user, authorization determines what operations can be performed by a user's identity.
Configuring Java security
The Java security manager lets you reduce the damage that your application can do.
Restricting file permissions
Additional file protections are available on some file systems, including Windows NTFS, Unix, and Linux. You can configure Derby to take advantage of these extra file protections.
Putting it all together
This section shows how to enable all available Derby defenses.