In an embedded environment, typically there is only one database
per system and there are no administrative resources to protect databases.
To configure security in an embedded environment:
- Encrypt the database when you create it.
- Configure all security features as database-level properties.
These properties are stored in the database (which is encrypted). See Tuning Derby.
- Turn on protection for database-level properties so that they cannot
be overridden by system properties by setting the derby.database.propertiesOnly property
to TRUE.
- To prevent unauthorized users from accessing databases once they
are booted, turn on user authentication for the database and configure user
authorization for the database.
- If you are using Derby's
built-in users, configure each user as a database-level property so that user
names and passwords can be encrypted.