Awesome, I'm glad I can collect all these hidden links, but the issue of per user authentication, similar to what MySQL and other databases offer is still blocking me.

I guess over a bit of time someone reading this mailing list will notice this one last question.

I'm happy to see that everyone is doing things to make the network DB usable out of the box.  Certainly a proactive approach to knocking down barriers to entry will help people like me get further along.

- Alex

On 2/20/07, Jean T. Anderson <jta@bristowhill.com> wrote:
Alexander Trauzzi wrote:
...
> Also, where, when and how do I use this security file?

there's a little walk through on this starting on slides 36-38 of this
presentation:

   http://db.apache.org/derby/binaries/jta-WE15.pdf

hth,

-jean


> Again, much of the explanation of these things in Derby seems left to the
> Java spec that they conform to - which isn't always the most user friendly.
>
> - Alex
>
> On 2/20/07, Rick Hillegas <Richard.Hillegas@sun.com> wrote:
>
>>
>> Hi Alexander,
>>
>> In terms of using a Java Security Manager, there will be better
>> out-of-the-box support for a secure network server in the next feature
>> release (10.3). That work is tracked by
>> https://issues.apache.org/jira/browse/DERBY-2196 . Right now, you can
>> grab a generic policy file from the development codeline at
>> java/drda/org/apache/derby/drda/server.policy. I will mouse that file
>> into my reply. You will need to customize some variables in that file in
>> order to fit it  to your particular environment. I hope this helps.
>> Here's the moused-in server policy file:
>>
>> grant codeBase "${derby.install.url}derby.jar"
>> {
>> //
>> // These permissions are needed for everyday, embedded Derby usage.
>> //
>>   permission java.lang.RuntimePermission "createClassLoader";
>>   permission java.util.PropertyPermission "derby.*", "read";
>>   permission java.io.FilePermission "${derby.system.home}","read";
>>   permission java.io.FilePermission "${ derby.system.home}${/}-",
>> "read,write,delete";
>>
>> //
>> // This permission lets you backup and restore databases
>> // to and from arbitrary locations in your file system.
>> //
>> // This permission also lets you import/export data to and from
>> // arbitrary locations in your file system.
>> //
>> // You may want to restrict this access to specific directories.
>> //
>>   permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
>> };
>>
>> grant codeBase "${derby.install.url}derbynet.jar"
>> {
>> //
>> // This permission lets the Network Server manage connections from
>> clients.
>> //
>>   permission java.net.SocketPermission "${derby.drda.host}:*", "accept";
>> };
>>
>> Alexander Trauzzi wrote:
>> > Greetings to all the Derbites in mailing list land.  I have a rather
>> > simple, but potentially complicated question.
>> >
>> > I grabbed a copy of the latest derby-bin distribution.  I ran the
>> > scripts required to run it as a network server, just as a quick little
>> > test in the console.
>> >
>> > The first concern I have is that anyone seems to have the ability to
>> > connect to my server and create databases?
>> > I did a bit of searching with Google and also within the derby site
>> > and came up with all kinds of very complicated and confusing
>> > recommendations to "secure" a server.  Some were in the manual,
>> > referring to authentication, others involved using a Java security
>> > manager.  Neither of which were explained in such a way that I could
>> > easily absorb or put into practical use.  Especially the Java security
>> > manager.
>> >
>> > Is there any resource that is straightforward, concise and simple that
>> > can help me set up a derby network server that authenticates based on
>> > username/password pairs?  I'm talking MySQL-easy (anyone can set up a
>> > MySQL server!).
>> >
>> > Thank you to all who reply...
>> >
>> > - Alexander Trauzzi
>>
>>
>
>




--
_________________________________________________

    Alexander Trauzzi