Re: AW: AW: Use Apache Derby Network Server with encrypted database

2016-08-25 Thread John English
On 25/08/2016 15:58, Hohl, Gerrit wrote: Yes, but an attacker can't access the database if that person is not on the machine itself. Exactly. And in this case I also don't have to encrypt it, right? ;-) As long as you don't allow remote shells or anything stupid like that. And if an

Re: AW: Use Apache Derby Network Server with encrypted database

2016-08-25 Thread John English
On 25/08/2016 10:58, Hohl, Gerrit wrote: But if that person sniffs the IP traffic on 127.0.0.1, he/she may be able to read the boot password as well as user and password. And of course IP traffic to 127.0.0.1 should *never* go outside the local machine, according to the spec. So any sniffer

AW: Use Apache Derby Network Server with encrypted database

2016-08-25 Thread Hohl, Gerrit
Hello Peter, my point is that I don't need SSL if I only use local connections (accept connections only on 127.0.0.1) as it may not add any extra security. If I want to use SSL, I have to put the keys into a keystore in the filesystem. And the password will also have to be stored somewhere

Re: Use Apache Derby Network Server with encrypted database

2016-08-25 Thread Peter Ondruška
Just a note on "If a person is already on the machine and would be able to sniff the local IP traffic, that person may also have access on the files of Derby.". To prevent this you encrypt the database and carefully manage the encryption key. But if somebody intercepts unencrypted network traffic (be

AW: Use Apache Derby Network Server with encrypted database

2016-08-25 Thread Hohl, Gerrit
Hello Peter, hello George, thank you for your 2 mails. And sorry I didn't reply earlier. Yes, I also realized that there is no difference between the embedded and the standalone version. The only exception is that you have to put the encryption library in the CLASSPATH of the network