db-derby-user mailing list archives

From Kristian Waagan <Kristian.Waa...@Sun.COM>
Subject Re: how i can prevent people from connecting and creating database in my server ?
Date Sun, 28 Jan 2007 14:16:05 GMT
legolas wrote:
> Hi
> Thank you for reading my post.
> I have a question which I would like to find an answer for.
> Here it is:
>
> Imagine that we have a Derby server running on our internet-connected
> server.
> Our clients should be able to connect to our server to use some data that we
> have in our database server.
>
> Now,
> 1- How do I prevent some of those clients that try to use a connection string
> like:
>
> jdbc:derby://SERVER_IP/someDatabaseName;create=true
>
> If some of those customers know some database then he/she can create several
> databases on our server and do whatever he/she wants.
>
>
> 2- How can I introduce authentication? Imagine that I have a list of all
> allowed clients in a text file or stored in LDAP on my server. Now I want to
> be able to authenticate all connections based on user/passwords that I have
> in an LDAP or text file on my server.
>
Hi,

I would recommend reading the very nice presentation on Derby security 
written by Jean. It was presented at ApacheCon 2005, and can be found on 
this page: http://db.apache.org/derby/papers/ApacheCon.html

Off the top of my head, I think the only way to completely restrict 
database creation currently is to run and configure the Java Security 
Manager properly.
You will also most likely want to enable user authentication and 
authorization. I think you need the security manager to prevent 
read-only users from creating databases.

For the next release, substantial work is being done on security. You 
can find more information here: 
http://wiki.apache.org/db-derby/DerbyTenThreeRelease
The specs are being worked out now. If people want to influence this 
work, this is the time to join the developer community and present your 
opinion!


hope this helps,
-- 
Kristian
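
A derby.properties fragment for the user authentication and authorization settings the reply recommends, added here as an example; it is not from the original message or the linked presentation. The user names, passwords, LDAP host and search base are constructed placeholders.

```properties
# derby.properties, placed in the directory named by derby.system.home.
# Constructed example: every name, password and host below is a placeholder.

# Reject any connection that does not supply a valid user name and password.
derby.connection.requireAuthentication=true

# Option A: users listed in this file (BUILTIN provider).
# Passwords defined this way sit in the file in cleartext, so restrict
# read access to the file to the account that runs the server.
derby.authentication.provider=BUILTIN
derby.user.appadmin=CHANGE_ME_ADMIN
derby.user.reporting=CHANGE_ME_REPORTING

# Option B: validate credentials against an LDAP directory instead.
# Comment out Option A and enable these lines.
#derby.authentication.provider=LDAP
#derby.authentication.server=ldap://ldap.example.com:389
#derby.authentication.ldap.searchBase=ou=people,dc=example,dc=com

# Authorization: authenticated users get no access unless listed below
# (the default mode, if this property is left unset, is fullAccess).
derby.database.defaultConnectionMode=noAccess
derby.database.fullAccessUsers=appadmin
derby.database.readOnlyAccessUsers=reporting
```

These settings address question 2 only; the reply's point that restricting database creation requires a properly configured Java Security Manager still applies.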

