Configuring security in an embedded environment

In an embedded environment, typically there is only one database per system, and there are no administrative resources to protect databases.

To configure security in an embedded environment:
  1. Encrypt the database when you create it.
  2. Configure all security features as database-level properties. These properties are stored in the database (which is encrypted). See "Scope of properties" and "Setting database-wide properties" in the Derby Developer's Guide for more information.
  3. Protect database-level properties from being overridden by system properties: set the derby.database.propertiesOnly property to true. See the Derby Reference Manual for details on this property.
  4. To prevent unauthorized users from accessing databases once they are booted, turn on user authentication and SQL authorization for the database. Use NATIVE authentication or, alternatively, LDAP or a user-defined class.
  5. Configure Java security for your environment.
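
The following sketch walks through steps 1 to 4 over JDBC. It is an added example, not code from the Derby documentation. The database name secureDB, the user name dbo, and the two environment variable names are assumptions, and the Derby embedded driver is assumed to be on the classpath. Step 5 (Java security) is configured outside the database and is not shown.

```java
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Objects;
import java.util.Properties;

public class SecureEmbeddedDerby {
    public static void main(String[] args) throws SQLException {
        // Assumed variable names; secrets stay out of source. Boot password: 8+ characters.
        String bootPassword = Objects.requireNonNull(System.getenv("DERBY_BOOT_PASSWORD"));
        String dboPassword = Objects.requireNonNull(System.getenv("DERBY_DBO_PASSWORD"));
        String url = "jdbc:derby:secureDB"; // constructed database name
        // Step 1: encrypt at creation. The creating user becomes the database owner.
        Properties create = new Properties();
        create.setProperty("create", "true");
        create.setProperty("dataEncryption", "true");
        create.setProperty("bootPassword", bootPassword);
        create.setProperty("user", "dbo");
        try (Connection conn = DriverManager.getConnection(url, create)) {
            // Step 4: storing the owner's credentials turns on NATIVE authentication here.
            call(conn, "SYSCS_CREATE_USER", "dbo", dboPassword);
            // Steps 2 and 4: database-level properties, stored inside the encrypted database.
            call(conn, "SYSCS_SET_DATABASE_PROPERTY", "derby.connection.requireAuthentication", "true");
            call(conn, "SYSCS_SET_DATABASE_PROPERTY", "derby.database.sqlAuthorization", "true");
            // Step 3: set last, so system properties can no longer override the values above.
            call(conn, "SYSCS_SET_DATABASE_PROPERTY", "derby.database.propertiesOnly", "true");
        }
        // Shut the database down so the settings apply on the next boot (SQLState 08006 = success).
        Properties stop = new Properties();
        stop.setProperty("shutdown", "true");
        stop.setProperty("user", "dbo");
        stop.setProperty("password", dboPassword);
        try {
            DriverManager.getConnection(url, stop);
        } catch (SQLException e) {
            if (!"08006".equals(e.getSQLState())) throw e;
        }
    }

    // Hypothetical helper: calls a two-argument SYSCS_UTIL system procedure.
    static void call(Connection conn, String proc, String a, String b) throws SQLException {
        try (CallableStatement cs = conn.prepareCall("CALL SYSCS_UTIL." + proc + "(?, ?)")) {
            cs.setString(1, a);
            cs.setString(2, b);
            cs.execute();
        }
    }
}
```

Later connections must supply bootPassword (on first boot in a JVM) together with the user and password attributes.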

The following figure shows how disk encryption protects data when the recipient might not know how to protect data. It is useful for databases deployed in an embedded environment.

Figure 1. Using disk encryption to protect data
This figure shows disk encryption between the Derby engine and the database.

Related tasks
Configuring security in a client/server environment