Network client security

The Derby Network Client allows you to select a security mechanism by specifying a value for the securityMechanism property.

You can set the securityMechanism property in one of the following ways: Security mechanisms supported by the Derby Network Client lists the security mechanisms that the Derby Network Client supports, and the corresponding property value to specify to obtain this securityMechanism. The default security mechanism is the user id only if no password is set. If the password is set, the default security mechanism is both the user id and password. The default user is APP if no other user is specified.
Table 1. Security mechanisms supported by the Derby Network Client
Security mechanism securityMechanism property value Comments
User id and password ClientDataSource.CLEAR_TEXT_PASSWORD_SECURITY (0x03) Default if password is set
User id only ClientDataSource.USER_ONLY_SECURITY (0x04) Default if password is not set
Strong password substitution ClientDataSource.STRONG_PASSWORD_SUBSTITUTE_SECURITY (0x08) Strong password substitution cannot be used with external Derby authentication schemes (for example, LDAP). Also, this security mechanism uses the SHA1PRNG algorithm to generate a random number that gets exchanged between client and server. If you need to use this security mechanism, make sure that support for the SHA1PRNG algorithm is available in the JCE provider available with your JVM. For example, it is available with JVM version 1.4.1 and higher from Sun and with JVM version 1.4.2 and higher from IBM.
Encrypted user id and encrypted password ClientDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY (0x09) Encryption requires a JCE implementation that supports the Diffie-Hellman algorithm with a public prime of 256 bits.
Related concepts
Accessing the Network Server by using the DB2 Driver for JDBC
Related reference
Network client tracing
Network client driver examples