db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert DiPietro <Robert.DiPie...@accelrys.com>
Subject Authentication and passwords in derby.properties
Date Fri, 13 Jan 2012 18:40:56 GMT
Hello!

I have been deving against a Derby DB on which requireAuthentication is true, the provider
is built-in, and all users have been defined in the derby.properties file (so they are all
system level users). This has been extremely convenient in development, however there are
obvious concerns about having the password stored in plaintext in a file.

Is it possible to require authentication in built-in mode, but have no system level users
defined in derby.properties, rather only defined at database level (stored internally on the
database)?

For example, I have tried disabling requireAuthentication, logging in to the system, creating
a db, and then creating a user against it using these commands:

CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('Derby.database.propertiesOnly','true');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('Derby.connection.requireAuthentication', 'true');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('Derby.authentication.provider', 'BUILTIN');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('Derby.user.username', 'password');

Which seems to work, but then if I enable requireAuthentication in derby.properties, I can
no longer log in. I guess this makes sense since the system level property (and lack of user)
overrides the database level property.

So back to my question, is it possible to access an instance in Derby using only database
users without having a system level user in derby.properties in a way that prohibits people
from connecting at a system level and doing whatever they like?

I'm working with Derby 10.8.x. Reading through the various documentation has left me a bit
confused and I figured I would reach out to the experts. Thank you for any and all help.

Regards,

Rob DiPietro




Mime
View raw message