That's correct. By the way, you can also configure the Derby server to only accept connections issued with a particular securityMechanism.
See 'derby.drda.securityMechanism' network server property in

On 8/21/07, Knut Anders Hatlen <> wrote:
David Van Couvering <> writes:

> Hi, all.  Someone asked me if things have changed around password
> encryption in 10.3 - is there some form of encryption by default, or
> is the default still to send the password in the clear?  I scanned the
> "what's new" section of the release page but couldn't find anything
> definitive...

Hi David,

It is my understanding that you still need to add the securityMechanism
attribute to the connection URL in order to get password encryption.

  Clear Text Password security is the default if you do not specify the
  securityMechanism attribute and you specify both the user=userName and
  password=userPassword attributes.

Knut Anders