Hi Alexander,
User authentication is discussed in the Derby Developer's Guide, in a
section called "Derby and Security".
Hope this helps,
-Rick
Alexander Trauzzi wrote:
Awesome, I'm glad I can collect all these hidden links, but the issue
of per user authentication, similar to what MySQL and other databases
offer is still blocking me.
I guess over a bit of time someone reading this mailing list will
notice this one last question.
I'm happy to see that everyone is doing things to make the network DB
usable out of the box. Certainly a proactive approach to knocking
down barriers to entry will help people like me get further along.
- Alex
On 2/20/07, *Jean T. Anderson* <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
Alexander Trauzzi wrote:
...
> Also, where, when and how do I use this security file?
there's a little walk through on this starting on slides 36-38 of this
presentation:
http://db.apache.org/derby/binaries/jta-WE15.pdf
hth,
-jean
> Again, much of the explanation of these things in Derby seems
left to the
> Java spec that they conform to - which isn't always the most
user friendly.
>
> - Alex
>
> On 2/20/07, Rick Hillegas <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
>
>>
>> Hi Alexander,
>>
>> In terms of using a Java Security Manager, there will be better
>> out-of-the-box support for a secure network server in the next
feature
>> release (10.3). That work is tracked by
>> https://issues.apache.org/jira/browse/DERBY-2196
<https://issues.apache.org/jira/browse/DERBY-2196>. Right now, you can
>> grab a generic policy file from the development codeline at
>> java/drda/org/apache/derby/drda/server.policy. I will mouse
that file
>> into my reply. You will need to customize some variables in
that file in
>> order to fit it to your particular environment. I hope this helps.
>> Here's the moused-in server policy file:
>>
>> grant codeBase "${derby.install.url}derby.jar"
>> {
>> //
>> // These permissions are needed for everyday, embedded Derby usage.
>> //
>> permission java.lang.RuntimePermission "createClassLoader";
>> permission java.util.PropertyPermission "derby.*", "read";
>> permission java.io.FilePermission "${derby.system.home}","read";
>> permission java.io.FilePermission "${ derby.system.home}${/}-",
>> "read,write,delete";
>>
>> //
>> // This permission lets you backup and restore databases
>> // to and from arbitrary locations in your file system.
>> //
>> // This permission also lets you import/export data to and from
>> // arbitrary locations in your file system.
>> //
>> // You may want to restrict this access to specific directories.
>> //
>> permission java.io.FilePermission "<<ALL FILES>>",
"read,write,delete";
>> };
>>
>> grant codeBase "${derby.install.url}derbynet.jar"
>> {
>> //
>> // This permission lets the Network Server manage connections from
>> clients.
>> //
>> permission java.net.SocketPermission "${derby.drda.host}:*",
"accept";
>> };
>>
>> Alexander Trauzzi wrote:
>> > Greetings to all the Derbites in mailing list land. I have a
rather
>> > simple, but potentially complicated question.
>> >
>> > I grabbed a copy of the latest derby-bin distribution. I ran the
>> > scripts required to run it as a network server, just as a
quick little
>> > test in the console.
>> >
>> > The first concern I have is that anyone seems to have the
ability to
>> > connect to my server and create databases?
>> > I did a bit of searching with Google and also within the
derby site
>> > and came up with all kinds of very complicated and confusing
>> > recommendations to "secure" a server. Some were in the manual,
>> > referring to authentication, others involved using a Java
security
>> > manager. Neither of which were explained in such a way that
I could
>> > easily absorb or put into practical use. Especially the Java
security
>> > manager.
>> >
>> > Is there any resource that is straightforward, concise and
simple that
>> > can help me set up a derby network server that authenticates
based on
>> > username/password pairs? I'm talking MySQL-easy (anyone can
set up a
>> > MySQL server!).
>> >
>> > Thank you to all who reply...
>> >
>> > - Alexander Trauzzi
>>
>>
>
>
--
_________________________________________________
Alexander Trauzzi
