Derby Network Server advanced topics

This section discusses several advanced topics for users of the Derby Network Server.

• Network Server security
  By default, the Derby Network Server listens only on the localhost. Clients must use the localhost host name to connect.
• Controlling database file access
  When Derby creates new files, the visibility of the new file (that is, which users can access it) is normally determined by the JVM environment and the file location only (that is, by the umask setting on UNIX and Linux systems and by the default file permissions on Windows NTFS).
• Running the Network Server under the security manager
  By default, the Network Server boots with a Basic security policy. You are encouraged to customize this policy to fit the security needs of your application and its runtime environment.
• Running the Network Server with user authentication
  By default, the Network Server boots with user authentication disabled. However, it is strongly recommended that you run your Network Server with user authentication enabled.
• Network encryption and authentication with SSL/TLS
  By default, all Derby network traffic is unencrypted, with the exception of user names and user passwords, which may be encrypted separately.
• Configuring the Network Server to handle connections
  You can configure the Network Server to use a specific number of threads to handle connections. You can change the configuration on the command line.
• Controlling logging by using the log file
  The Network Server uses the derby.log file to log problems that it encounters. It also logs connections when the property derby.drda.logConnections is set to true.
• Controlling tracing by using the trace facility
  Use the trace facility only if you are working with technical support and they require tracing information.