If you do not configure Derby security, you must be aware of the following vulnerabilities.
- Network JDBC: Network JDBC connections expose sensitive operations to use by persons who may not have account privileges on the database machine.
- Cleartext traffic: By default, network traffic travels in cleartext.
- Unbounded growth: Tables can grow arbitrarily large.
- CPU hogging: Unbounded CPU cycles can be consumed by connection attempts, SQL queries, and user code running in the database.
- Superusers: By default, all Derby users enjoy extensive powers to read and write in all databases.
- Launch privileges: Derby procedural code executes with the operating system privileges of the account that launched the virtual machine. This includes system-supplied procedures as well as custom, user-coded procedures.
- User code: Arbitrary user code can execute in the Derby virtual machine by means of user-coded functions and procedures.
- Open source: Derby's code itself is publicly visible as part of the Apache Derby open source project. This means that an attacker can write subtle malware after studying the code and file formats. Note that while closed source code enjoys the advantage of "security by obscurity", openness can confer other, countervailing security advantages.
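The fragment below is an added illustration, not taken from the Derby documentation: a `derby.properties` file that notes the default beside each setting and then sets the value a hardened deployment would use for the network JDBC, cleartext traffic, CPU hogging and superuser items above. It assumes the BUILTIN authentication provider and a placeholder user named `admin`; unbounded growth, launch privileges and user code are not addressed by properties and need an unprivileged launch account and a Java security policy instead.

```properties
# Constructed derby.properties fragment (illustrative; not Derby's own sample file).
# Each block records the Derby default in a comment, then the hardened value.

# --- Network JDBC: require credentials on every connection ---
# default: derby.connection.requireAuthentication=false
derby.connection.requireAuthentication=true
derby.authentication.provider=BUILTIN
# BUILTIN users are declared as derby.user.<name>=<password>;
# 'admin' and CHANGE_ME are placeholders for this example.
derby.user.admin=CHANGE_ME
# default: derby.drda.host=localhost (the network server listens only on the
# loopback interface); leave it unset unless remote clients are required.

# --- Superusers: stop every authenticated user from reading/writing everything ---
# default: derby.database.sqlAuthorization=false
derby.database.sqlAuthorization=true
# default: derby.database.defaultConnectionMode=fullAccess
# (readOnlyAccess and noAccess are the other values)
derby.database.defaultConnectionMode=noAccess
derby.database.fullAccessUsers=admin

# --- Cleartext traffic: encrypt client/server traffic ---
# default: derby.drda.sslMode=off
# basic = encrypt only; peerAuthentication = encrypt and verify client certificates
derby.drda.sslMode=peerAuthentication

# --- CPU hogging: bound the network server's connection threads ---
# default: derby.drda.maxThreads=0 (no limit on connection threads)
# default: derby.drda.timeSlice=0 (a connection is never pre-empted)
derby.drda.maxThreads=50
derby.drda.timeSlice=100
```

With `defaultConnectionMode=noAccess`, any authenticated user not listed in `derby.database.fullAccessUsers` (or `derby.database.readOnlyAccessUsers`) is refused a connection, so list every legitimate account before enabling it.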