Security terminology

In discussing Derby defenses, the following terms are useful.

Attacker
A person or organization that seeks to compromise the security of a system.
Damage
The harm done to a system by an attacker. Includes denial-of-service, theft of secrets, and corruption of data.
Database Owner
The person who creates a database and configures its security.
Insider
An attacker, such as a disgruntled co-worker, who operates inside the firewall and enjoys the presumption of friendliness.
Malware
A program that compromises security, such as a virus, worm, or spider.
Outsider
An attacker who operates outside the firewall.
System Administrator
The account that launches Derby and is responsible for configuring the security of the Derby system.
Threat
A mechanism for compromising the security of a system, such as man-in-the-middle or SQL injection.
User
A person authorized to use a Derby application.
Vulnerability
A feature of Derby that attackers can exploit in order to cause damage.