db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sunitha Kambhampati <ksunitha...@gmail.com>
Subject Re: derby encryption
Date Tue, 10 May 2005 21:28:58 GMT
Paul Byford wrote:

> hi,
> i intend to deploy derby in embedded form as part of an application. 
> to protect the data i would like to use the disk encryption feature.
>  
> the issue i have is that for my application to have access to the 
> encrypted database data I must also deploy the bootPassword with the 
> application in among one of my application java classes.

Maybe I am not understanding this correctly, but is it possible to not 
store the bootPassword in your app java classes but let the application 
provide it at runtime. and use it when connecting to database ?

> i am concerned someone with access to the java classes will have 
> access to the password, and if theydesire they can therefore access 
> the encrypted database.
>  
> my requirement is that the data is only made available if the 
> bootPassword is provided by my application.
>   <>is this possible in derby at present? the documentation does not 
> explicitly cover this.

 Derby supports data encryption.

so once you have created an encrypted database, you must supply the boot 
password to reboot it. Once the database is booted, all connections can 
access the database without the boot password. Only a connection that 
boots the database requires the key.  Also note - The boot password is 
not meant to prevent unauthorized connections to the database once it 
has been booted. To protect a database once it has been booted, turn on 
user authentication

This link to the manual gives some details on encrypting data using 
Derby  
http://incubator.apache.org/derby/manuals/develop/develop115.html#Working+with+Encryption

Also on the Derby website ( papers tab), there is a presentation by Dan 
Debrunner about securing data with derby that might be helpful -  
http://incubator.apache.org/derby/binaries/djd_derby_security.pdf

Please feel free to post to the list if you have more questions.

Sunitha.

Mime
View raw message