In discussing Derby defenses, the following terms are useful.
- attacker: A person or organization that seeks to compromise the security of a system.
- damages: The harm done to a system by an attacker. Includes denial-of-service, theft of secrets, and corruption of data.
- Database Owner: The person who creates a database and configures its security.
- insider: An attacker, such as a disgruntled co-worker, who operates inside the firewall and enjoys the presumption of friendliness.
- malware: A program that compromises security, such as a virus, worm, or spider.
- outsider: An attacker who operates outside the firewall.
- System Administrator: The account that launches Derby and is responsible for configuring the security of the Derby system.
- technique: A mechanism for compromising the security of a system, such as man-in-the-middle or SQL injection.
- user: A person authorized to use a Derby application.
- vulnerability: A feature of Derby that attackers can exploit in order to cause damage.