[ https://issues.apache.org/jira/browse/DERBY-6217?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13915058#comment-13915058 ]

Kim Haase commented on DERBY-6217:
----------------------------------

Here is a proposed high-level documentation plan for this guide. I welcome 
comments.

The Security Guide will provide introductory material from a revised (but as 
yet unpublished) version of Rick Hillegas's "Java DB Security" white paper, the 
previous version of which is reachable from 
http://db.apache.org/derby/blogs/index.html.

Much of the substance will consist of rearranged and slightly rewritten 
versions of the Developer's Guide section "Configuring Security for Derby". 

In addition, several topics from the Admin Guide will be moved to this manual: 
the "User authentication differences" section and the first five sections under 
"Derby Network Server advanced topics". 

The introductory section based on the white paper will include these topics:

Why databases need security
 - Vulnerabilities of unsecured databases
 - Threats to unsecured databases
Defenses against security threats
 - Derby defenses against threats
 - Defenses outside of Derby
Defenses mapped to threats
Designing safer Derby applications

The rearrangement of the Developer's Guide and Admin Guide material will follow 
the ordering of the appendixes in the white paper, which proceeds from simple 
to complex. It will incorporate material from the white paper and from the 
guides as appropriate:

Configuring database encryption
Configuring SSL/TLS
Configuring LDAP authentication
Configuring NATIVE authentication
Configuring coarse-grained authentication
Configuring fine-grained authentication
Configuring Java security
Restricting file permissions
Putting it all together
Security terminology

> Put all of the security documentation in a single, separate user guide
> ----------------------------------------------------------------------
>
>                 Key: DERBY-6217
>                 URL: https://issues.apache.org/jira/browse/DERBY-6217
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.11.0.0
>            Reporter: Rick Hillegas
>            Assignee: Kim Haase
>
> Right now the security documentation is divided among our user guides. This 
> makes it hard for customers to understand Derby's defenses and how to 
> configure all relevant security mechanisms for an application. As 
> demonstrated by the discussion on DERBY-6160, some security mechanisms 
> involve multiple Derby jar files and multiple application tiers. Material for 
> these mechanisms is scattered across the existing user guides. It would be 
> less confusing if all of Derby's security documentation were separated out 
> into a new Security Guide.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
