The use case is as follows. The application uses embedded derby. The information in the database needs to be secured. Users should not be able to list tables and table columns or get the data using select statements.
My original thought was to implement the application logic as stored procedures, create a user in the database and give this user (who is not a database owner) the execute permission on stored procedures. Java application will use the CALL statements only and not select statements. I need to use connection authorization and SQL authorization both. In the JAva program, user name and password will be used to connect to the database. My problem is, if I start the database with user name and password, this user cannot shutdown the database as he is not the database owner. I don't want to use the database owner name and password in the Java program as user can decompile the Java program and get the database owner name and password. In short, here is what I am trying to achieve: Create and encrypt database with database owner name and password. Create user in the database with user name and password Grant Execute permission to user on stored procedures In the Java program, use user name and password to start the database Use Call statements to execute business logic Shutdown the database when done. I am not sure how to proceed. Any guidance in implementing will be appreciated. -- View this message in context: http://old.nabble.com/Need-help-in-designing-secure-database-application-tp27572103p27572103.html Sent from the Apache Derby Users mailing list archive at Nabble.com.
