
Derby and security

Derby Developer's Guide
Derby can be deployed in a number of ways and in a number of different environments.
The security needs of the Derby system are also diverse.
Derby supplies or supports the following optional security mechanisms:
· User authentication
  Derby verifies user names and passwords before permitting them access to the Derby system.
· User authorization
  A means of granting specific users permission to read a database or to write to a database.
· Disk encryption
  A means of encrypting Derby data stored on disk.
· Validation of certificates for signed jar files
  Derby validates certificates for classes loaded from signed jar files.
· Network encryption and authentication
  Derby network traffic may be encrypted with SSL/TLS. SSL/TLS certificate authentication is also supported. See "Network encryption and authentication with SSL/TLS" in the Derby Server and Administration Guide for details.
The following figure shows some of the Derby security mechanisms at work in a
client/server environment. User authentication is performed by accessing an LDAP
directory service. The data in the database is not encrypted in this trusted environment.
Figure 10. Using an LDAP directory service in a trusted environment