Yes, but an attacker can't access the database if that person is not on the machine itself. And in this case I also don't have to encrypt it, right? ;-)
Regards, Gerrit -----Ursprüngliche Nachricht----- Von: John English [mailto:john.fore...@gmail.com] Gesendet: Donnerstag, 25. August 2016 10:14 An: Derby Discussion Betreff: Re: AW: Use Apache Derby Network Server with encrypted database On 25/08/2016 10:58, Hohl, Gerrit wrote: > But if that person sniffs the IP traffic on 127.0.0.1, he/she may be > able to read the boot password as well as user and password. And of course IP traffic to 127.0.0.1 should *never* go outside the local machine, according to the spec. So any sniffer would have to be logged in on the local machine itself, in which case you're probably in trouble anyway. -- John English
