In an embedded environment, typically there is only one database
per system and there are no administrative resources to protect databases.
To configure security in an embedded environment:
- Encrypt the database when you create it.
- Configure all security features as database-level properties.
These properties are stored in the database (which is encrypted). See
Scope of properties and
Setting database-wide properties for more
information.
- Turn on protection for database-level properties so that they cannot
be overridden by system properties by setting the derby.database.propertiesOnly property
to TRUE. See the Derby Reference Manual for details
on this property.
- To prevent unauthorized users from accessing databases once they
are booted, turn on user authentication and SQL authorization for the database.
Use NATIVE authentication or, alternatively, LDAP or a user-defined
class.