db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Charlie Kelly <Char...@CharlieKelly.com>
Subject Re: Need help in designing secure database application
Date Sat, 13 Feb 2010 03:36:42 GMT
Hi Tushar,

You are describing a difficult task.

One approach is to encrypt data before they are stored in a database.
In this case, you need a secure method creating and distributing keys.

See http://www.bouncycastle.org/ for encryption libraries that are 
written in Java.

HTH

Charlie


Tushar Kale wrote:
> The use case is as follows. 
>
> The application uses embedded derby. The information in the database needs
> to be secured. Users should not be able to list tables and table columns or
> get the data using select statements.
>
> My original thought was to implement the application logic as stored
> procedures, create a user in the database and give this user (who is not a
> database owner) the execute permission on stored procedures. Java
> application will use the CALL statements only and not select statements. I
> need to  use connection authorization and SQL authorization both. 
>
> In the JAva program, user name and password will be used to connect to the
> database. My problem is, if I start the database with user name and
> password, this user cannot shutdown the database as he is not the database
> owner. I don't want to use the database owner name and password in the Java
> program as user can decompile the Java program and get the database owner
> name and password. 
>
> In short, here is what I am trying to achieve:
>
> Create and encrypt database with database owner name and password. 
> Create user in the database with user name and password
> Grant Execute permission to user on stored procedures
> In the Java program, use user name and password to start the database
> Use Call statements to execute business logic
> Shutdown the database when done.
>
> I am not sure how to proceed. Any guidance in implementing will be
> appreciated.
>
>   


Mime
View raw message