Re: any security how to guides for a hybrid derby setup?

2018-12-11 Thread Alex O'Ree 
Thanks Rick. It helps, but only in identifying what my next steps are. I
may make a patch that enable some additional options for loading keystore
data in a networked+embedded setup as well as possibly programmatic access
to get/set all derby properties.

On Tue, Dec 11, 2018, 1:34 PM Rick Hillegas  For SSL/TLS protected connections, Derby relies on the SSL/TLS support
> provided by the JVM. So this is a JVM-configuration question. Here is the
> top answer which I get when I google for "application specific keystore in
> multi-tenant java jvm":
> https://stackoverflow.com/questions/1793979/registering-multiple-keystores-in-jvm
>
> Hope this helps,
> -Rick
>
> On 12/11/18 6:20 AM, Alex O'Ree wrote:
>
> The derby security guide for enabling tls connection supports only loading
> the keystore location/password from the global system properties. Is there
> a way to provide this programmatically? I'd rather not define this setting
> globally within the jvm as it's shared with tomcat and a number of other
> components.
>
> There is a NetworkServerControl#getCurrentProperties() method. Can i
> inject the javax.net.ssl properties through there before starting the
> server?
>
> On Mon, Nov 26, 2018 at 7:10 PM Rick Hillegas 
> wrote:
>
>> On 11/26/18 3:58 PM, Alex O'Ree wrote:
>> > My primary use case is to use an embedded derby within my webapp for
>> > storage and whatnot. I also have another requirement to provide
>> > localhost (and possible remote access) to the database via jdbc
>> > connection. I know how to get derby up and running programmatically in
>> > embedded mode and with the network connection, however I'm not super
>> > sure how to wire up authentication, permissions, ssl/tls, etc. Is
>> > there a guide somewhere for configuring this?
>>
>> Hi Alex,
>>
>> The Derby Security Guide should have all the information you need:
>> http://db.apache.org/derby/docs/10.14/security/index.html
>>
>> Hope this helps,
>>
>> -Rick
>>
>>
>

Re: any security how to guides for a hybrid derby setup?

2018-12-11 Thread Rick Hillegas 
For SSL/TLS protected connections, Derby relies on the SSL/TLS support 
provided by the JVM. So this is a JVM-configuration question. Here is 
the top answer which I get when I google for "application specific 
keystore in multi-tenant java jvm": 
https://stackoverflow.com/questions/1793979/registering-multiple-keystores-in-jvm


Hope this helps,
-Rick

On 12/11/18 6:20 AM, Alex O'Ree wrote:
The derby security guide for enabling tls connection supports only 
loading the keystore location/password from the global system 
properties. Is there a way to provide this programmatically? I'd 
rather not define this setting globally within the jvm as it's shared 
with tomcat and a number of other components.


There is a NetworkServerControl#getCurrentProperties() method. Can i 
inject the javax.net.ssl properties through there before starting the 
server?


On Mon, Nov 26, 2018 at 7:10 PM Rick Hillegas > wrote:


On 11/26/18 3:58 PM, Alex O'Ree wrote:
> My primary use case is to use an embedded derby within my webapp
for
> storage and whatnot. I also have another requirement to provide
> localhost (and possible remote access) to the database via jdbc
> connection. I know how to get derby up and running
programmatically in
> embedded mode and with the network connection, however I'm not
super
> sure how to wire up authentication, permissions, ssl/tls, etc. Is
> there a guide somewhere for configuring this?

Hi Alex,

The Derby Security Guide should have all the information you need:
http://db.apache.org/derby/docs/10.14/security/index.html

Hope this helps,

-Rick

Re: any security how to guides for a hybrid derby setup?

2018-12-11 Thread Peter 
Hello Alex,

We are doing this:

System.setProperty("javax.net.ssl.keyStore", config.getKeyStorePath());
System.setProperty("javax.net.ssl.keyStorePassword",
config.getKeyStorePassword());

Kind Regards
Peter

Am 11.12.18 um 15:20 schrieb Alex O'Ree:
> The derby security guide for enabling tls connection supports only
> loading the keystore location/password from the global system
> properties. Is there a way to provide this programmatically? I'd
> rather not define this setting globally within the jvm as it's shared
> with tomcat and a number of other components.
>
> There is a NetworkServerControl#getCurrentProperties() method. Can i
> inject the javax.net.ssl properties through there before starting the
> server?
>
> On Mon, Nov 26, 2018 at 7:10 PM Rick Hillegas  > wrote:
>
> On 11/26/18 3:58 PM, Alex O'Ree wrote:
> > My primary use case is to use an embedded derby within my webapp
> for
> > storage and whatnot. I also have another requirement to provide
> > localhost (and possible remote access) to the database via jdbc
> > connection. I know how to get derby up and running
> programmatically in
> > embedded mode and with the network connection, however I'm not
> super
> > sure how to wire up authentication, permissions, ssl/tls, etc. Is
> > there a guide somewhere for configuring this?
>
> Hi Alex,
>
> The Derby Security Guide should have all the information you need:
> http://db.apache.org/derby/docs/10.14/security/index.html
>
> Hope this helps,
>
> -Rick
>

Re: any security how to guides for a hybrid derby setup?

2018-12-11 Thread Alex O'Ree 
The derby security guide for enabling tls connection supports only loading
the keystore location/password from the global system properties. Is there
a way to provide this programmatically? I'd rather not define this setting
globally within the jvm as it's shared with tomcat and a number of other
components.

There is a NetworkServerControl#getCurrentProperties() method. Can i inject
the javax.net.ssl properties through there before starting the server?

On Mon, Nov 26, 2018 at 7:10 PM Rick Hillegas 
wrote:

> On 11/26/18 3:58 PM, Alex O'Ree wrote:
> > My primary use case is to use an embedded derby within my webapp for
> > storage and whatnot. I also have another requirement to provide
> > localhost (and possible remote access) to the database via jdbc
> > connection. I know how to get derby up and running programmatically in
> > embedded mode and with the network connection, however I'm not super
> > sure how to wire up authentication, permissions, ssl/tls, etc. Is
> > there a guide somewhere for configuring this?
>
> Hi Alex,
>
> The Derby Security Guide should have all the information you need:
> http://db.apache.org/derby/docs/10.14/security/index.html
>
> Hope this helps,
>
> -Rick
>
>

Re: any security how to guides for a hybrid derby setup?

2018-11-26 Thread Alex O'Ree 
perfect, thanks!

On Mon, Nov 26, 2018 at 7:10 PM Rick Hillegas 
wrote:

> On 11/26/18 3:58 PM, Alex O'Ree wrote:
> > My primary use case is to use an embedded derby within my webapp for
> > storage and whatnot. I also have another requirement to provide
> > localhost (and possible remote access) to the database via jdbc
> > connection. I know how to get derby up and running programmatically in
> > embedded mode and with the network connection, however I'm not super
> > sure how to wire up authentication, permissions, ssl/tls, etc. Is
> > there a guide somewhere for configuring this?
>
> Hi Alex,
>
> The Derby Security Guide should have all the information you need:
> http://db.apache.org/derby/docs/10.14/security/index.html
>
> Hope this helps,
>
> -Rick
>
>

Re: any security how to guides for a hybrid derby setup?

2018-11-26 Thread Rick Hillegas 

On 11/26/18 3:58 PM, Alex O'Ree wrote:
My primary use case is to use an embedded derby within my webapp for 
storage and whatnot. I also have another requirement to provide 
localhost (and possible remote access) to the database via jdbc 
connection. I know how to get derby up and running programmatically in 
embedded mode and with the network connection, however I'm not super 
sure how to wire up authentication, permissions, ssl/tls, etc. Is 
there a guide somewhere for configuring this?


Hi Alex,

The Derby Security Guide should have all the information you need: 
http://db.apache.org/derby/docs/10.14/security/index.html


Hope this helps,

-Rick

any security how to guides for a hybrid derby setup?

2018-11-26 Thread Alex O'Ree 
My primary use case is to use an embedded derby within my webapp for
storage and whatnot. I also have another requirement to provide localhost
(and possible remote access) to the database via jdbc connection. I know
how to get derby up and running programmatically in embedded mode and with
the network connection, however I'm not super sure how to wire up
authentication, permissions, ssl/tls, etc. Is there a guide somewhere for
configuring this?