Francois Orsini (JIRA) wrote: > [ > http://issues.apache.org/jira/browse/DERBY-464?page=comments#action_12356032 > ] > > Francois Orsini commented on DERBY-464: > --------------------------------------- > > The way I implememted users in Cloudscape originally was done in a > "Cloudscape running Embedded" mindset rather than anything else - in a > similar way we what ww have done for permissions via properties - defining > users is one thing, authenticating them via various schemes in another - For > instance today, users defined at the System level, not database one, do not > have their password encrypted for the built-in authentication scheme. I agree > that users can be defined outside of Derby but we can't assume all > organizations have an LDAP server out there - in fact, a lot if not most of > them still don't have one. > > What I have in mind for Derby defined users is the following: > > - Users should be defined at the System level and added to databases as > required (Grant access to a database)
That, to my mind would be a bad step. Currently Derby databases are independent of any system, they are self contained. Thus they can be copied anywhere and continue to work. Adding a dependency on a system database just seems wrong. I've often thought that one mistake made in the early days was to have the concept of a system, the single derby.properties, derby.log file, or reading system properties. Dan.
