db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew McIntyre" <mcintyr...@gmail.com>
Subject Re: Security in Derby
Date Tue, 20 Feb 2007 19:42:25 GMT
On 2/20/07, Alexander Trauzzi <atrauzzi@gmail.com> wrote:
> This is all very helpful.  I will make a few notes however that you can take
> away from this...
> The method to implement encrypted passwords is far too complicated and
> involved for someone like myself who just wants to set up a secure server.
> This is mainly because nothing is said about what has to be done client side
> to ensure that the password being transmitted is what the server will end up
> wanting.  Does the derby client network driver automatically encrypt
> passwords once the property is placed in the connection string?

Unfortunately, the documentation mentions the DataSource values, but
not the connection attributes. To connect using the strong substitute
password, add securityMechanism=8 to the connection URL, e.g.:

connect 'jdbc:derby:myDB;user=andrew;pass=newderbyuser;securityMechanism=8';

That's all you need to do. The connection will use the strong password
substitute security mechanism. Encrypted username/password is security
mechanism 9, but note that it currently only works with IBM JVMs.

The docs could use some definite improvement here, and there is a JIRA
entry entered for using user-friendly string values for the connection
URLs instead of numbers:


> It seems like there is a glut of property settings being used here on both
> client and server side and my wires are getting crossed trying to keep them
> straight.  Ultimately this is impacting how easy it is to configure a derby
> server.  Perhaps is there an index of connection string and server
> properties somewhere?
> How do I distinguish when a setting is for a database, or the system?

There is an index of the various properties in the Tuning guide, see
the section "Derby Properties":


There is discussion of static vs. dynamic and database vs. system scope there.

There is a list of connection attributes in the Reference manual:


> Do properties that I set via a configuration file get retained between loads
> - as in, is it a needed only once thing?  Can I delete the file and still
> have it's settings taking effect on a database between loads?

No. For property settings to be retained in absence of a property
file, you need to set them at the database level using the
SYSCS_SET_DATABASE_PROPERTY procedures mentioned earlier so that the
setting is stored in the database.

> Entire DB instance?

Properties set that way affect a single database, but not the entire
system. To set system properties, your application should call

Hope that helps,

View raw message