db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex O'Ree" <alexo...@apache.org>
Subject Re: any security how to guides for a hybrid derby setup?
Date Tue, 11 Dec 2018 19:56:54 GMT
Thanks Rick. It helps, but only in identifying what my next steps are. I
may make a patch that enable some additional options for loading keystore
data in a networked+embedded setup as well as possibly programmatic access
to get/set all derby properties.

On Tue, Dec 11, 2018, 1:34 PM Rick Hillegas <rick.hillegas@gmail.com wrote:

> For SSL/TLS protected connections, Derby relies on the SSL/TLS support
> provided by the JVM. So this is a JVM-configuration question. Here is the
> top answer which I get when I google for "application specific keystore in
> multi-tenant java jvm":
> https://stackoverflow.com/questions/1793979/registering-multiple-keystores-in-jvm
>
> Hope this helps,
> -Rick
>
> On 12/11/18 6:20 AM, Alex O'Ree wrote:
>
> The derby security guide for enabling tls connection supports only loading
> the keystore location/password from the global system properties. Is there
> a way to provide this programmatically? I'd rather not define this setting
> globally within the jvm as it's shared with tomcat and a number of other
> components.
>
> There is a NetworkServerControl#getCurrentProperties() method. Can i
> inject the javax.net.ssl properties through there before starting the
> server?
>
> On Mon, Nov 26, 2018 at 7:10 PM Rick Hillegas <rick.hillegas@gmail.com>
> wrote:
>
>> On 11/26/18 3:58 PM, Alex O'Ree wrote:
>> > My primary use case is to use an embedded derby within my webapp for
>> > storage and whatnot. I also have another requirement to provide
>> > localhost (and possible remote access) to the database via jdbc
>> > connection. I know how to get derby up and running programmatically in
>> > embedded mode and with the network connection, however I'm not super
>> > sure how to wire up authentication, permissions, ssl/tls, etc. Is
>> > there a guide somewhere for configuring this?
>>
>> Hi Alex,
>>
>> The Derby Security Guide should have all the information you need:
>> http://db.apache.org/derby/docs/10.14/security/index.html
>>
>> Hope this helps,
>>
>> -Rick
>>
>>
>

Mime
View raw message