When running Derby in embedded mode or when using the Derby Network Server, you can enable or disable server-side user authentication. However, when using the Network Server, the default security mechanism (CLEAR_TEXT_PASSWORD_SECURITY) requires that you supply both the user name and password.
In addition to the default user name and password security mechanism, org.apache.derby.jdbc.ClientDataSource.CLEAR_TEXT_PASSWORD_SECURITY, Derby Network Server supports the following security properties:
When using this mechanism, you must specify only the user property. All other mechanisms require you to specify both the user name and the password.
When using this mechanism, both password and user id are encrypted.
When using this mechanism, a strong password substitute is generated and used to authenticate the user with the network server. The original password is never sent in any form across the network.
The user's name that is specified upon connection is the default schema for the connection, if a schema with that name exists. See the Derby Developer's Guide for more information on schema and user names.
If you specify any other security mechanism, you will receive an exception.
To change the default, you can specify another security mechanism either as a property or on the URL (using the securityMechanism=value attribute) when making the connection. For details, see Network client security and "securityMechanism=value attribute" in the Derby Reference Manual.
Whether the security mechanism you specify for the client actually takes effect depends upon the setting of the derby.drda.securityMechanism property for the Network Server. If the derby.drda.securityMechanism property is set, the Network Server accepts only connections that use the security mechanism specified by the property setting. If the derby.drda.securityMechanism property is not set, clients can use any valid security mechanism. For details, see derby.drda.securityMechanism property.