db-derby-user mailing list archives

From "Francois Orsini" <francois.ors...@gmail.com>
Subject Re: Users authentication - design problem
Date Mon, 18 Jun 2007 20:06:05 GMT
Hi Stanley,

Yes, this is a good approach. I'm assuming that it is ok for users to have
their separated (and encrypted) data sets which do not need to be reconciled
or joined across all the users? You can create separate databases and
encrypt each of them based on some encryption pass-phrase entered by each
user (such as a password they would have to enter to access and encrypt
their data automatically), upon logging in to the application. You may want
to implement some auto-logout to shut down the database when there is no
activity after a period of time...Additionally, you can use GRANT/REVOKE
(authorization) statements to enforce that only a particular user can have
access to the data for a particular database (if this last one has not been
closed when a user logs off - which of course should be taken care of by the
application and ensuring the database gets closed upon inactivity or log off
for a user).

Since it is an application shared across one single desktop, it should be
fine as only one user will be able to use the application and open its
encrypted database (with its data sets) to manipulate it. Of course, you can
always add security at the OS level to reinforce access restriction to some
database directory, as long as the Derby engine can have access to it...



On 6/18/07, Stanley Styszynski <diabeteo@gmail.com> wrote:
> Hello,
> Once again thanks for your responses.
> I decided that my application will be creating a hidden directory with
> database files in the user's home directory at first use. It means that there
> will be separate databases for each user on a particular machine. This
> allows the database to be encrypted and prevents users from seeing each other's
> measurements.
> Is this a right approach? I hope so ;)
> Later on, I plan to create a server side application (to keep track of
> many patients' measurements in the hospital) and then I will probably use
> JavaCards (I would like to thank Mr Francois Orsini for pointing it out).
> Regards,
> Stanley
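
The per-user setup discussed in this message (a database encrypted with the user's pass-phrase, shut down on log-off or inactivity), as an added Java example that is not code from either poster or from the Derby project. The class `UserVault`, its method names and the idle timeout are hypothetical; it assumes embedded Derby on the classpath and no Derby user authentication configured, so the shutdown request needs no credentials.

```java
import java.nio.file.*;
import java.sql.*;
import java.util.Properties;
import java.util.concurrent.*;

// Added example; UserVault and its method names are hypothetical, not Derby API.
public class UserVault implements AutoCloseable {
    private final String url;
    private final long idleSeconds;
    private final ScheduledExecutorService timer = Executors.newSingleThreadScheduledExecutor();
    private ScheduledFuture<?> pending;
    private Connection conn;
    // Boots (or, on first use, creates) the user's database with their pass-phrase.
    public UserVault(Path dbDir, char[] passphrase, long idleSeconds) throws SQLException {
        this.url = "jdbc:derby:" + dbDir.toAbsolutePath();
        this.idleSeconds = idleSeconds;
        Properties attrs = new Properties();   // keeps the pass-phrase out of the URL string
        if (Files.notExists(dbDir)) {          // first use: create the database encrypted
            attrs.setProperty("create", "true");
            attrs.setProperty("dataEncryption", "true");
        }
        attrs.setProperty("bootPassword", new String(passphrase)); // Derby requires >= 8 chars
        conn = DriverManager.getConnection(url, attrs);  // a wrong pass-phrase throws here
        touch();
    }
    // Call on every user action: returns the connection and restarts the idle countdown.
    public synchronized Connection connection() {
        if (conn == null) throw new IllegalStateException("database closed; log in again");
        touch();
        return conn;
    }
    private void touch() {
        if (pending != null) pending.cancel(false);
        pending = timer.schedule(this::close, idleSeconds, TimeUnit.SECONDS);
    }
    // Log-off or idle timeout: shut the database down so reopening needs the pass-phrase.
    @Override
    public synchronized void close() {
        if (conn == null) return;
        try {
            DriverManager.getConnection(url + ";shutdown=true");
        } catch (SQLException e) { // Derby signals a clean database shutdown as SQLState 08006
            if (!"08006".equals(e.getSQLState())) throw new IllegalStateException(e);
        } finally {
            conn = null;
            timer.shutdown();
        }
    }
}
```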
