On 8/25/2016 7:58 AM, Hohl, Gerrit wrote:
Yes, but an attacker can't access the database if that person is not on the
machine itself.
Is SELinux enabled ?
And in this case I also don't have to encrypt it, right? ;-)
Regards,
Gerrit
-----Ursprüngliche Nachricht-----
Von: John English [mailto:[email protected]]
Gesendet: Donnerstag, 25. August 2016 10:14
An: Derby Discussion
Betreff: Re: AW: Use Apache Derby Network Server with encrypted database
On 25/08/2016 10:58, Hohl, Gerrit wrote:
But if that person sniffs the IP traffic on 127.0.0.1, he/she may be
able to read the boot password as well as user and password.
And of course IP traffic to 127.0.0.1 should *never* go outside the local
machine, according to the spec. So any sniffer would have to be logged in on
the local machine itself, in which case you're probably in trouble anyway.
--
John English
