In an embedded environment, typically there is only one database
per system and there are no administrative resources to protect databases.
To configure security in an embedded environment:
- Encrypt the database when you create it.
- Configure all security features as database-level properties.
These properties are stored in the database (which is encrypted).
See Scope of properties and Setting database-wide properties for
more information.
- Set the derby.database.propertiesOnly property to TRUE to turn on
protection for database-level properties, so that they cannot be
overridden by system properties. See the Derby Reference Manual for
details on this property.
- To prevent unauthorized users from accessing databases once they
are booted, turn on user authentication for the database and configure user
authorization for the database.
- If you are using Derby's built-in users, configure each user as a
database-level property so that user names and passwords can be
encrypted.
Important: Derby's built-in authentication mechanism is suitable only
for development and testing purposes. It is strongly recommended that
production systems rely on LDAP or a user-defined class for
authentication. It is also strongly recommended that production
systems protect network connections with SSL/TLS.
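
The steps above, carried through over embedded JDBC as an added example (it is not taken from the Derby documentation). The database name secureDB, the user appuser, and the two environment variable names are assumptions. Built-in users appear only to illustrate the last step and are subject to the note above.

```java
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Objects;
import java.util.Properties;

// Added example. Assumed names: database "secureDB", user "appuser", both env variables.
public class SecureEmbeddedDb {
    static final String DB_URL = "jdbc:derby:secureDB";

    public static void main(String[] args) throws SQLException {
        String bootPw = Objects.requireNonNull(System.getenv("DERBY_BOOT_PASSWORD"), "boot password");
        String userPw = Objects.requireNonNull(System.getenv("DERBY_APPUSER_PASSWORD"), "user password");

        // Encrypt the database when it is created (bootPassword must be at least 8 characters).
        Properties attrs = new Properties();
        attrs.setProperty("create", "true");
        attrs.setProperty("dataEncryption", "true");
        attrs.setProperty("bootPassword", bootPw);
        attrs.setProperty("user", "appuser");     // the creating user becomes the database owner
        attrs.setProperty("password", userPw);

        try (Connection conn = DriverManager.getConnection(DB_URL, attrs)) {
            // Built-in user, authentication and authorization, all as database-level properties.
            setDbProperty(conn, "derby.user.appuser", userPw);
            setDbProperty(conn, "derby.authentication.provider", "BUILTIN");
            setDbProperty(conn, "derby.connection.requireAuthentication", "true");
            setDbProperty(conn, "derby.database.fullAccessUsers", "appuser");
            setDbProperty(conn, "derby.database.defaultConnectionMode", "noAccess");
            // Set last: from here on, system properties cannot override the values above.
            setDbProperty(conn, "derby.database.propertiesOnly", "true");
        }

        // Shut the database down so every setting is in force from the next boot.
        try {
            DriverManager.getConnection(DB_URL + ";shutdown=true", "appuser", userPw);
        } catch (SQLException e) {
            if (!"08006".equals(e.getSQLState())) throw e; // 08006 signals a normal database shutdown
        }
    }

    // Stores one property inside the (encrypted) database.
    static void setDbProperty(Connection conn, String key, String value) throws SQLException {
        try (CallableStatement cs = conn.prepareCall("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?, ?)")) {
            cs.setString(1, key);
            cs.setString(2, value);
            cs.execute();
        }
    }
}
```

Subsequent boots must supply bootPassword together with the user name and password; a connection attempt without them should be rejected, which is a quick check that the configuration took effect.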