Hello!

I have been deving against a Derby DB on which requireAuthentication is true, 
the provider is built-in, and all users have been defined in the 
derby.properties file (so they are all system level users). This has been 
extremely convenient in development; however, there are obvious concerns about 
having the password stored in plaintext in a file.

Is it possible to require authentication in built-in mode, but have no system 
level users defined in derby.properties, rather only defined at database level 
(stored internally on the database)?

For example, I have tried disabling requireAuthentication, logging in to the 
system, creating a db, and then creating a user against it using these commands:

CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.propertiesOnly', 'true');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.connection.requireAuthentication', 'true');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.provider', 'BUILTIN');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.username', 'password');

Which seems to work, but then if I enable requireAuthentication in 
derby.properties, I can no longer log in. I guess this makes sense since the 
system level property (and lack of user) overrides the database level property.

So back to my question, is it possible to access an instance in Derby using 
only database users without having a system level user in derby.properties in a 
way that prohibits people from connecting at a system level and doing whatever 
they like?

I'm working with Derby 10.8.x. Reading through the various documentation has 
left me a bit confused and I figured I would reach out to the experts. Thank 
you for any and all help.

Regards,

Rob DiPietro


