Xavier Vigouroux wrote:
> Hi
> In my project, I create a database that is accessed afterwards.
> At creation, I would like to "secure" the access.
> As a dummy question, what is the usual way to secure an access to the DB
> whereas the user is never in the loop. All must be done programmatically?
This isn't a dumb question at all -- it's an excellent question for
Derby because you don't find derby databases in the typical place behind
a locked door.
Derby has a bunch of strategies. Here's a quick overview to help you
decide which one might be right for your application.
*Authentication* restricts access to a database (or all databases in a
system) given a userid and password. Here's an intro to authentication:
http://db.apache.org/derby/docs/dev/devguide/cdevcsecure42374.html .
*Authorization* restricts access to objects in a database -- without a
user in the loop, you might not need this, but here's info on it:
http://db.apache.org/derby/docs/dev/devguide/cdevcsecure36595.html .
Also, DERBY-464 adds grant/revoke, but isn't implemented yet.
*Encryption* lets you secure the physical database files -- it encrypts
all the data in tables, indexes, temporary files, the transaction log.
It's great for protecting databases on devices that can't be secured.
Information is here:
http://db.apache.org/derby/docs/dev/devguide/cdevcsecure24366.html .
You can also run your application under a Java 2 Security Manager, which
is especially useful for when you want to allow remote client access
using the Derby Network Server. Information is here:
http://db.apache.org/derby/docs/dev/devguide/cdevcbabejdfj.html .
However, be aware that the sample policy files aren't quite right
(DERBY-701), so if you run into any problems, feel free to ask for help.
Dan Debrunner did a "Securing Data with Apache Derby" at ApacheCon US
2004; you can download his presentation from
http://db.apache.org/derby/papers/ApacheConUs04.html .
I'll be doing an "Apache Derby Security" presentation at ApacheCon US in
December -- shameless plug. :-) I'm hoping to see lots of users there.
regards,
-jean
ps. There's also a developerWorks tutorial that shows how to work with
derby and signed jar files, but I haven't had time to look at it yet:
http://www.ibm.com/developerworks/edu/os-dw-os-ad-buildapp.html
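
An added example, not part of the original message and not Derby project code: one way to apply the encryption and authentication options described above entirely from the program, with no user in the loop. The database name `appdb`, the account `appuser` and the two environment variable names are hypothetical, and Derby's embedded driver (derby.jar) is assumed to be on the classpath.

```java
import java.sql.*;
import java.util.Properties;

public class SecureDerbyCreate {
    // Store one database-wide property inside the database itself.
    static void setDbProp(Connection c, String key, String value) throws SQLException {
        try (CallableStatement cs = c.prepareCall(
                "CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?, ?)")) {
            cs.setString(1, key);
            cs.setString(2, value);
            cs.execute();
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the deployment supplies both secrets; nothing is hard-coded.
        String bootPw = System.getenv("APP_DB_BOOT_PASSWORD"); // Derby wants 8+ characters
        String userPw = System.getenv("APP_DB_PASSWORD");
        if (bootPw == null || bootPw.length() < 8 || userPw == null)
            throw new IllegalStateException("set APP_DB_BOOT_PASSWORD (8+ chars) and APP_DB_PASSWORD");

        Properties p = new Properties();
        p.setProperty("user", "appuser");          // hypothetical account name
        p.setProperty("password", userPw);
        p.setProperty("bootPassword", bootPw);     // key material for the encrypted files
        p.setProperty("dataEncryption", "true");   // encrypt tables, indexes, log
        p.setProperty("create", "true");

        try (Connection c = DriverManager.getConnection("jdbc:derby:appdb", p)) {
            setDbProp(c, "derby.user.appuser", userPw);
            setDbProp(c, "derby.authentication.provider", "BUILTIN");
            setDbProp(c, "derby.connection.requireAuthentication", "true");
            setDbProp(c, "derby.database.fullAccessUsers", "appuser");
            setDbProp(c, "derby.database.defaultConnectionMode", "noAccess");
            // Last: stop system-wide properties from overriding the ones above.
            setDbProp(c, "derby.database.propertiesOnly", "true");
        }

        // Shut the database down so the settings apply at the next boot.
        try {
            DriverManager.getConnection("jdbc:derby:appdb;shutdown=true", "appuser", userPw);
        } catch (SQLException e) {
            if (!"08006".equals(e.getSQLState())) throw e; // 08006 = clean shutdown
        }

        // Reopen: now needs the boot password and the account credentials.
        p.remove("create");
        p.remove("dataEncryption");
        try (Connection c = DriverManager.getConnection("jdbc:derby:appdb", p)) {
            System.out.println("reopened as " + c.getMetaData().getUserName());
        }
    }
}
```

Later Derby releases added NATIVE authentication and document BUILTIN as suitable only for development and testing. Whichever provider is used, the boot password and account password still have to live somewhere the program can read, so protecting that store is part of the design.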