The following tips should help you write and deploy safer
applications that use Derby.
- Create a launch account: Create an operating system account for the
System Administrator. This will be the account that launches
Derby. This account should
not be the operating system's superuser.
- Limit file permissions: Limit the file permissions of this System
Administrator account to just the directories that the application should be
allowed to read and write. Do not grant read or write access on these
directories to any other operating system accounts.
- Prevent JDBC leaks: Do not let JDBC connections leak outside your
intranet's firewall. If possible, design your application so that external
clients talk to an application server, which in turn communicates with
Derby. Limit the JDBC
connections to communication between the application server and
Derby.
- Protect against injection: Do not construct queries by concatenating
strings that are filled in by clients. Instead, parameterize your queries by
using JDBC ? parameter markers in PreparedStatements, so that client-supplied
values are bound as data and never parsed as SQL.
- Deploy your shields: By default, enable all defenses mentioned in
this section. If you need to turn off a defense for performance reasons, then
carefully consider how you will protect your application from the threats
that the defense guards against.
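
The "Protect against injection" tip, shown as a concatenated lookup beside its parameterized form. This is an added example, not code from the Derby documentation. It assumes the Derby embedded driver is on the classpath; the in-memory database name demo, the accounts table, and the sample rows and input are constructed for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class ParameterizedLookup {
    // Unsafe: client text becomes part of the SQL and can rewrite the WHERE clause.
    static int countConcatenated(Connection c, String holder) throws SQLException {
        String sql = "SELECT COUNT(*) FROM accounts WHERE holder = '" + holder + "'";
        try (Statement s = c.createStatement(); ResultSet rs = s.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // Safe: the statement text is fixed; the client value is bound as data.
    static int countParameterized(Connection c, String holder) throws SQLException {
        String sql = "SELECT COUNT(*) FROM accounts WHERE holder = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, holder);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: in-memory embedded database, used so the example runs offline.
        try (Connection c = DriverManager.getConnection("jdbc:derby:memory:demo;create=true")) {
            try (Statement s = c.createStatement()) {
                s.executeUpdate("CREATE TABLE accounts (holder VARCHAR(32), balance INT)");
                s.executeUpdate("INSERT INTO accounts VALUES ('alice', 10), ('bob', 20)");
            }
            // Constructed client input containing a quote and a boolean clause.
            String clientInput = "nobody' OR '1'='1";
            System.out.println("concatenated:  " + countConcatenated(c, clientInput));
            System.out.println("parameterized: " + countParameterized(c, clientInput));
        }
    }
}
```

The concatenated query counts every row because the input changes the predicate, while the parameterized query compares the holder column against the whole input string and matches none.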