Derby provides numerous defenses against security threats.
These defenses are described in the following table.
Defense | Task Owner | Description |
---|---|---|
Java security | System Administrator | Using a Java SecurityManager and policy file, the System Administrator can restrict the permissions granted to user-written code. The System Administrator can also restrict the permissions granted to Derby itself. |
SSL/TLS | System Administrator | The System Administrator can require that SSL/TLS be used to encrypt network traffic between Derby clients and servers, which also raises an additional authentication hurdle. |
Encryption | Database Owner | A Database Owner can require that the data for an application be encrypted before being stored on disk. This makes it expensive to steal and corrupt the data. |
Authentication | Database Owner | Using usernames and passwords, a Database Owner can restrict access to an application's data. |
Coarse-grained authorization | Database Owner | A Database Owner can divide an application's users into three groups: those with no privileges, those with read-only privileges, and those with read-write privileges. |
Fine-grained SQL authorization | Database Owner | By using SQL GRANT and REVOKE statements, a Database Owner can further restrict access to fine-grained pieces of data and code. |
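
The two authorization rows above, shown as a Database Owner's session. This is an added example, not taken from the Derby documentation: the user names (`dbo_user`, `app_writer`, `reporter`) and the `orders` table are hypothetical, and it assumes authentication is already enabled and the session is run by the Database Owner.

```sql
-- Coarse-grained authorization: sort users into the three groups.
-- List the Database Owner (hypothetical name dbo_user) as a full-access
-- user first, so the owner is not locked out when the default becomes noAccess.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.fullAccessUsers', 'dbo_user,app_writer');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.readOnlyAccessUsers', 'reporter');
-- Every user not named above falls into the "no privileges" group.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.defaultConnectionMode', 'noAccess');

-- Fine-grained SQL authorization: turn on GRANT/REVOKE enforcement.
-- Once set to true, this property cannot be switched back to false.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.sqlAuthorization', 'true');

-- Hypothetical table, created in the owner's schema.
CREATE TABLE orders (
    order_id  INT PRIMARY KEY,
    customer  VARCHAR(64),
    card_last VARCHAR(4),
    status    VARCHAR(16)
);

-- With SQL authorization on, other users start with no privileges on
-- the owner's objects, so each privilege is granted explicitly.

-- reporter may read only the non-sensitive columns.
GRANT SELECT (order_id, status) ON TABLE orders TO reporter;

-- app_writer may read everything, insert rows, and update one column.
GRANT SELECT, INSERT ON TABLE orders TO app_writer;
GRANT UPDATE (status) ON TABLE orders TO app_writer;

-- Withdraw a privilege that is no longer needed.
REVOKE INSERT ON TABLE orders FROM app_writer;
```

The coarse-grained group still caps what a user can do: `reporter` stays read-only regardless of any write privilege granted through SQL.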