db-derby-user mailing list archives

From John Embretsen <John.Embret...@Sun.COM>
Subject Re: Embedded Security
Date Fri, 04 Jan 2008 10:14:29 GMT

Magnus Prime wrote:
>  
> If I am using an embedded DB, which will have one user only able to 
> connect, what is the best way to do this? 
> Should I use only a boot password?
> Should I use an encrypted database?

Good question - I think the answer depends on your specific requirements.

This topic is mentioned in the Developer's Guide, in the section "Configuring 
security in an embedded environment", e.g. at
http://db.apache.org/derby/docs/dev/devguide/tdevcsecure81850.html.

Encryption/bootPassword is well suited to restrict unauthorized startup (boot) 
of the database. However, if the database is already booted, this will not help 
you at all because only the first connection needs to provide the boot password 
or encryption key. So, unless you have complete control over all connections to 
your database at all times, I think using authentication as well is required.

Then again, database encryption is quite easy to do, and provides an additional 
layer of protection of your data.

My suggestion is to start with database-level user authentication and expand 
with database encryption and/or authorization if needed.

> Better yet, when you first create the DB, you must give it a name.  Now, 
> I want to add DB level properties for users/etc and require you connect 
> with a username/password, how does that work, since at the time of 
> creation, those users do not exist for that db.

First, there is no authentication enabled by default. You enable authentication 
by setting the derby.connection.requireAuthentication property to true. If you 
are using Derby's built-in authentication provider you should always define at 
least one user before you enable authentication (important if you use database 
properties only).

The requireAuthentication property is static, however, so it won't take effect 
until you reboot the database (when defined as a database property).

So, if you are able to create the database in a secure environment:
  - create the database without authentication enabled
  - define one or more users (as database properties)
  - enable authentication (as database property)
  - configure your database to ignore system properties (set the 
derby.database.propertiesOnly database property), otherwise system-defined 
properties may override the database properties.
  - restart the application and the database

If you need to authenticate the very first database boot (creation) as well, you 
can define a (temporary) system-level user and require authentication as system 
properties before booting the embedded driver, then switch to database 
properties only when ready.

One more thing: If you consider using SQL authorization at some point, I believe 
it is wise to think through which user you specify when creating the database, 
since that user will become the database owner [1].

There is lots of information about this in the manuals, but it is (in my 
opinion) not very well organized, so don't be afraid to ask questions on this 
list if you can't find the information you are looking for...

[1]: http://db.apache.org/derby/docs/dev/devguide/cdevcsecureDbOwner.html


-- 
John
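
The secure-environment procedure from the message above, written out as an ij session; this is an added example, not part of the original message or of the Derby documentation. The database name `secureDB`, the user `appowner` and the password string are constructed placeholders.

```sql
-- Run in Derby's ij tool, in an environment where nobody else can connect yet.
-- secureDB, appowner and REPLACE_WITH_PASSWORD are constructed placeholders.

-- 1. Create the database while authentication is still off. The user named
--    here becomes the database owner if SQL authorization is enabled later.
connect 'jdbc:derby:secureDB;create=true;user=appowner';

-- 2. Define at least one built-in user as a database property BEFORE
--    requiring authentication, or nobody will be able to log in afterwards.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.authentication.provider', 'BUILTIN');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.user.appowner', 'REPLACE_WITH_PASSWORD');

-- 3. Require authentication. The property is static, so it only takes
--    effect the next time the database boots.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.connection.requireAuthentication', 'true');

-- 4. Make the database ignore system properties, so a derby.properties file
--    or -D flag cannot override the settings stored in the database.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.propertiesOnly', 'true');

-- Confirm what was stored before rebooting.
VALUES SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY(
    'derby.connection.requireAuthentication');
VALUES SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY(
    'derby.database.propertiesOnly');

-- 5. Reboot the database. ij reports a successful shutdown as an error
--    message; that is expected.
disconnect;
connect 'jdbc:derby:secureDB;shutdown=true';

-- 6. Verify after the reboot: the first connect should now be rejected,
--    the second should succeed and report the authenticated user.
connect 'jdbc:derby:secureDB';
connect 'jdbc:derby:secureDB;user=appowner;password=REPLACE_WITH_PASSWORD';
VALUES CURRENT_USER;
```

Running step 6 is the check that matters: if the credential-less connect still succeeds, the database was not actually rebooted or a system-level property is still in effect.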



