Xavier Vigouroux wrote:
Hi
In my project, I create a database that is access afterwards.
at creation, I would like to "secure" the access.
as a dummy question, what is the usual way to secure an access to the DB
whereas the user is never in the loop. All must be done programmatically?
Can you elaborate on what you mean by 'secure' here...
If you want to restrict access to the database with respect to which
user can connect to derby database, you could turn on user authentication.
To set user authentication, the property is
derby.connection.requireAuthentication=true
Before this, you would have to set users that can access the database.
http://db.apache.org/derby/docs/dev/devguide/cdevcsecure21547.html#cdevcsecure21547
http://db.apache.org/derby/docs/dev/devguide/cdevcsecure36127.html
E.g. for default builtin authentication provided by derby, you would
have to set the following property to define a user 'sunitha' with
password 'pwd'
derby.user.sunitha=pwd
Now to connect to derby, you would have to ensure that the userid,
password combination is correct and valid , otherwise you will get the
error 'Connection refused:Invalid authentication'.
$ java org.apache.derby.tools.ij
ij version 10.2
ij> connect 'jdbc:derby:testdb;create=true;user=sunitha;password=pwd';
ij> connect 'jdbc:derby:testdb;create=true;user=sunitha;password=pwd2';
ERROR 08004: Connection refused : Invalid authentication.
ij> connect 'jdbc:derby:testdb;create=true;user=sunitha2;password=pwd2';
ERROR 08004: Connection refused : Invalid authentication.
ij>
HTH,
Sunitha.
