Security mechanisms supported by the Derby
Derby Server and Administration Guide
24
set, the default security mechanism is both the user id and password. The default user is
APP if no other user is specified.
Table 7.
Security mechanisms supported by the Derby Network Client
Security Mechanism
securityMechanism Property Value
Comments
User id and
password
ClientDataSource.CLEAR_TEXT_PASSWORD_SECURITY
(0x03)
Default if password is
set
User id
only
ClientDataSource.USER_ONLY_SECURITY
(0x04)
Default if password is
not set
Strong
password
substitution
ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY
(0x08)
Strong password
substitution can
be used only with
Derby's BUILTIN
authentication
mechanism or
with authentication
disabled. Also,
for the BUILTIN
mechanism, strong
password substitution
does not work for
database-level users
whose password has
been protected by
a custom message
digest algorithm
specified by the derby.authentication.builtin.algorithm
property.
Encrypted
user id and
encrypted
password
ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY
(0x09)
Encryption requires a
JCE implementation
that supports the
Diffie-Hellman
algorithm with a public
prime of 256 bits.
Network client tracing
The Derby Network client provides a tracing facility to collect JDBC trace information and
view protocol flows.
There are various ways to obtain trace output. However, the easiest way to obtain trace
output is to use the
traceFile=path
attribute on the URL in
ij
. The following example
shows all tracing going to the file
trace.out
from an
ij
session.
ij>connect 'jdbc:derby://localhost:1527/mydb;
create=true;traceFile=trace.out;user=user1;password=secret4me';
To append trace information to the specified file, use the
traceFileAppend=true
URL
attribute in addition to
traceFile=path
.
For more information, see "traceFile=path attribute" and "traceFileAppend=true attribute"
in the Derby Reference Manual.
Implementing ClientDataSource tracing
You can use one of three methods to collect tracing data while obtaining connections
from the ClientDataSource:
