On 9/19/2011 1:20 PM, José Ventura wrote:
I'm not sure whether making the default value "on" will actually
improve security as a whole. If a developer hasn't given thought to
security, there are plenty of other pitfalls that may compromise an
application (e.g. "where should I store the (previously unneeded yet
now required) username and password?").
On the other hand, if s/he did in fact think about security, then odds
are that are a simple, concise documentation will point him/her to
happily turn on the switch with minimum nuisance, and proceed to
secure the rest of the application.
I think this is a very good point. The claim of "secure by default" is
a very strong claim and may give a false sense of overall security.
Some things, like encryption and perhaps stricter security manager
settings are not part of the default, but might be an important part of
actually securing a particular application. I agree it is good for the
application developer to plan security and for us to make it as easy as
possible for them to do so from a Derby perspective.
Perhaps the conversation of the default is premature. Perhaps we
should first nail down the easy security knob and understand its
behavior and usefulness and then discuss whether it should/could be the
default.
Kathey
