db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John H. Embretsen" <John.Embret...@Sun.COM>
Subject Re: Security in Derby
Date Tue, 20 Feb 2007 19:11:18 GMT
Alexander Trauzzi wrote:
> Awesome, I'm glad I can collect all these hidden links, but the issue of 
> per user authentication, similar to what MySQL and other databases offer 
> is still blocking me.
> 
> I guess over a bit of time someone reading this mailing list will notice 
> this one last question.

Well, I'm not too familiar with what kind of authentication MySQL 
provides, so you would have to be more specific if my answer is not 
satisfactory...

In my opinion, the most simple and straight-forward way to implement 
user authentication with usernames/password pairs is to use Derby's 
BUILTIN authentication mechanism. This is explained in the pdf referred 
to by Jean earlier in this thread, but here's a short explanation:

1. Create a derby.properties file containing the following:

derby.connection.requireAuthentication=true
derby.authentication.provider=BUILTIN
derby.user.Alice=alicePassword
derby.user.Bob=bobPassword

Of course, replace Alice and Bob and their passwords with something you 
prefer.

2. Place the derby.properties file in the directory from which you 
intend to start the server.

3. Start the Network Server the way you prefer.

(e.g: java -jar myDerbyDir/lib/derbyrun.jar server start)

4. Connect to the server/database using the ClientDriver. You will have 
to include the user= and password= attributes in the connection URL, for 
example (in IJ):

  connect 
'jdbc:derby://localhost:1527/myDB;create=true;user=Alice;password=alicePassword';


Now, Alice and Bob are the only ones with access to your Derby system.
You will have to decide if this is the correct level of security for 
your application...


-- 
John



Mime
View raw message