Java DB

Apache Derby

Derby Developer's Guide

Derby Getting Started
Derby Reference Manual
Derby Developer's Guide
Derby Performance Tuning
Derby Server and Admin Guide
Derby Tools and Utilities
Derby Developer's Guide
-After installing
-Upgrades
-JDBC applications and Derby basics
-Application development overview
-Derby embedded basics
-Derby JDBC driver
-Derby JDBC database connection URL
-Derby system
-A Derby database
-Connecting to databases
-Working with the database connection URL attributes
-Using in-memory databases
-Working with Derby properties
-Deploying Derby applications
-Deployment issues
-Creating Derby databases for read-only use
-Loading classes from a database
-Derby server-side programming
-Programming database-side JDBC routines
-Programming trigger actions
-Programming Derby-style table functions
-Programming user-defined types
-Controlling Derby application behavior
-The JDBC connection and transaction model
-Result set and cursor mechanisms
-Locking, concurrency, and isolation
-Working with multiple connections to a single database
-Working with multiple threads sharing a single connection
-Working with database threads in an embedded environment
-Working with Derby SQLExceptions in an application
-Using Derby as a J2EE resource manager
-Derby and Security
-Configuring security for your environment
-Working with user authentication
-Users and authorization identifiers
-User authorizations
-Encrypting databases on disk
-Signed jar files
-Notes on the Derby security features
-User authentication and authorization examples
-Running Derby under a security manager
-Developing tools and using Derby with an IDE
-SQL tips
-Localizing Derby
-Derby and standards

 

Derby and Security

Derby can be deployed in a number of ways and in a number of different environments. The security needs of the Derby system are also diverse.

Derby supplies or supports the following optional security mechanisms:

  • User authentication

    Derby verifies user names and passwords before permitting them access to the Derby system.

  • User authorization

    A means of granting specific users permission to read a database or to write to a database.

  • Disk encryption

    A means of encrypting Derby data stored on disk.

  • Validation of Certificate for Signed Jar Files

    In a Java 2 environment, Derby validates certificates for classes loaded from signed jar files.

  • Network encryption and authentication

    Derby network traffic may be encrypted with SSL/TLS. SSL/TLS certificate authentication is also supported. See "Network encryption and authentication with SSL/TLS" in the Derby Server and Administration Guide for details.

The following figure shows some of the Derby security mechanisms at work in a client/server environment. User authentication is performed by accessing an LDAP Directory Service. The data in the database is not encrypted in this trusted environment.
Figure 1. Example of using an LDAP Directory Service in a trusted environment.
This figure shows user authentication from an LDAP directory service to the Derby engine and user authorization to read and write data. The Derby database is a trusted environment and the data is not encrypted.
The following figure shows how another Derby security mechanism, disk encryption, protects data when the recipient might not know how to protect data. It is useful for databases deployed in an embedded environment.
Figure 1. Example of using disk encryption to protect data.
This figure shows disk encryption between the Derby engine and the database.
  • Configuring security for your environment
    In most cases, you enable Derby's security features through the use of properties. It is important to understand the best way of setting properties for your environment.
  • Working with user authentication
    Derby provides support for user authentication. User authentication means that Derby authenticates the name and password for a user before allowing that user access to the system.
  • Users and authorization identifiers
    User names within the Derby system are known as authorization identifiers. The authorization identifier is a string that represents the name of the user, if one was provided in the connection request.
  • User authorizations
    When you specify user authorizations, Derby verifies that a user has been granted permission to access a system, database, object, or SQL action.
  • Encrypting databases on disk
    Derby provides a way for you to encrypt your data on disk.
  • Signed jar files
    In a Java 2 environment, Derby can detect digital signatures on jar files. When attempting to load a class from a signed jar file stored in the database, Derby will verify the validity of the signature.
  • Notes on the Derby security features
    TheDerby security model has some basic limitations.
  • User authentication and authorization examples
    This section provides examples on using user authentication and authorization in Derby in either a client/server environment or in an embedded environment.
  • Running Derby under a security manager
    When running within an application or application server with a Java 2 Security Manager enabled, Derby must be granted certain permissions to execute and access database files.
Related concepts
 

javadb@jdbcurl.com