db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel John Debrunner <...@debrunners.com>
Subject Re: derby encryption
Date Tue, 10 May 2005 21:48:21 GMT
Paul Byford wrote:

> hi,
> i intend to deploy derby in embedded form as part of an application. to
> protect the data i would like to use the disk encryption feature.
>  
> the issue i have is that for my application to have access to the
> encrypted database data I must also deploy the bootPassword with the
> application in among one of my application java classes. i am concerned
> someone with access to the java classes will have access to the
> password, and if theydesire they can therefore access the encrypted
> database.
>  
> my requirement is that the data is only made available if the
> bootPassword is provided by my application.
>  
> is this possible in derby at present? the documentation does not
> explicitly cover this.

Yes, typically your application gets the boot password or encryption key
from somewhere and creates a connection request of the correct form
using it. Hard-coding the boot password or an encryption key in your
application code is not secure.

The typical places to get the boot password or key are:

  - prompting the user (boot password)
  - encryption key from a smart card
  - encryption key from a secure key store

Typically all of these require some user interaction, e.g. the PIN for
the smart card, pass phrase for the secure key store.

The presentation Sunitha pointed you to has examples of the JDBC code
required to present the key or password to Derby.
Dan.




Mime
View raw message