db-derby-user mailing list archives

From m96 <...@gmx.li>
Subject Re: Users authentication - design problem
Date Thu, 31 May 2007 05:24:22 GMT
hi,

a few thoughts...
I don't think that any of your users have the knowledge to copy and boot
the database, or the intention to change the data in your database;
therefore you could just create a jar file and embed it. and when your
application does not support modifications on the database then you are
safe.

on the other side i can understand your need for access restriction if
your application must be GxP compliant and so you need to prove that
no-one has changed the data in your db. so the idea would be creating a
generic user and root user. the generic user with a std pwd that is
publicly known (also to the application itself) could read the data,
and only root could modify the data.

encryption only makes sense if you keep the boot pwd secret, which won't
be the case in your situation.

cheers...


On Wed, 2007-05-30 at 20:42 +0200, Stanley Styszynski wrote:
> Hello,
> 
> My name is Stanley and I'm working on an application which will offer
> the opportunity to simulate the effects of changes in insulin and diet
> on the blood glucose profile of a diabetic patient. It will be a
> multiuser, desktop application with Apache Derby inside.
> 
> I would not like to grant any of the users the administrative
> privileges. Every user (added using special form in my application)
> should be equal. No one should be able to see or modify other users
> results or database settings. I plan to dynamically create a root user
> (when my application is launched for the first time). Root's user
> name and password will be created dynamically (current time multiplied
> by random value and SHA-256). This data will be stored in a separate
> text file (encrypted) and its content will be read by the application
> to enable adding new users. I plan to encrypt a database so only my
> application will be able to boot it.
> Then the application itself will be controlling access to the appropriate
> pieces of data. It should be easy when we take into account that my
> application is using the built-in driver (no network connection at all,
> database is integrated with application).
> 
> Is this solution good? Maybe there are others who encountered such a
> "problem" and could share their knowledge?
> 
> Regards,
> 
> Stanley
> 
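
The generic/root split suggested in the reply, written as Derby database properties set from an `ij` session opened on the database before authentication is switched on. This is an added example, not part of either message; the user names `root` and `generic` and the placeholder passwords are assumptions.

```sql
-- Define the two accounts first, so that nobody is locked out once
-- authentication becomes mandatory. BUILTIN users are stored as
-- derby.user.<name> database properties.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.user.root', 'REPLACE_WITH_SECRET_ROOT_PASSWORD');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.user.generic', 'REPLACE_WITH_PUBLIC_GENERIC_PASSWORD');

-- Connection-level authorization: any user not listed below gets no
-- access, root may read and write, generic may only read.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.defaultConnectionMode', 'noAccess');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.fullAccessUsers', 'root');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.readOnlyAccessUsers', 'generic');

-- Require a valid user name and password on every connection and
-- validate them against the derby.user.* entries above.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.authentication.provider', 'BUILTIN');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.connection.requireAuthentication', 'true');

-- Ignore system-wide properties (derby.properties, -D flags) that would
-- otherwise be able to override the settings stored in this database.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.propertiesOnly', 'true');

-- Check what was stored for the access lists.
VALUES SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY(
    'derby.database.readOnlyAccessUsers');
VALUES SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY(
    'derby.database.fullAccessUsers');
```

These settings are enforced by the Derby engine when a connection is opened, so they only protect the data from someone who cannot copy the database files and boot them elsewhere, which is the limit both messages already point at.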

