legolas wrote:
Hi
Thank you for reading my post.
I have a question that I would like to find an answer to.
Here it is:
Imagine that we have a Derby server running on our internet-connected
server.
Our clients should be able to connect to our server to use some data that we
have in our database server.
Now,
1- How do I prevent some of those clients that try to use a connection string
like:
jdbc:derby://SERVER_IP/someDatabaseName;create=true
If some of those customers know some database, then he/she can create several
databases on our server and do whatever he/she wants.
2- How can I introduce authentication? Imagine that I have a list of all
allowed clients in a text file or stored in LDAP on my server. Now I want to
be able to authenticate all connections based on the user/passwords that I have
in LDAP or a text file on my server.
Hi,
I would recommend reading the very nice presentation on Derby security
written by Jean. It was presented at ApacheCon 2005, and can be found on
this page: http://db.apache.org/derby/papers/ApacheCon.html
Off the top of my head, I think the only way to completely restrict
database creation currently is to run and configure the Java Security
Manager properly.
You will also most likely want to enable user authentication and
authorization. I think you need the security manager to prevent
read-only users from creating databases.
For the next release, substantial work is being done on security. You
can find more information here:
http://wiki.apache.org/db-derby/DerbyTenThreeRelease
The specs are being worked out now. If people want to influence this
work, this is the time to join the developer community and present your
opinion!
Hope this helps,
--
Kristian
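
The user authentication and authorization mentioned in the reply, sketched as a system-wide derby.properties file. This is an added example, not part of the original thread; the user names, passwords and LDAP host are constructed placeholders.

```properties
# derby.properties, placed in the directory named by derby.system.home.
# Added example: all names, passwords and hosts below are constructed.

# Reject any connection that does not present valid credentials.
derby.connection.requireAuthentication=true

# Option A: users defined in this file (the "text file" case).
# Passwords here are stored in clear text, so restrict read access
# to this file to the account that runs the Derby server.
derby.authentication.provider=BUILTIN
derby.user.appreader=CHANGE_ME_READER
derby.user.appadmin=CHANGE_ME_ADMIN

# Option B: authenticate against a directory instead (the LDAP case).
# Uncomment these and remove Option A to use it.
#derby.authentication.provider=LDAP
#derby.authentication.server=ldap://ldap.example.invalid:389
#derby.authentication.ldap.searchBase=ou=people,dc=example,dc=invalid

# Authorization: authenticated users get no access unless listed.
derby.database.defaultConnectionMode=noAccess
derby.database.readOnlyAccessUsers=appreader
derby.database.fullAccessUsers=appadmin
```

These settings decide who may connect and with what access mode; they do not restrict the create=true attribute from the question, which the reply above ties to the Java Security Manager.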