Configuring security in an embedded environment

In an embedded environment, typically there is only one database per system and there are no administrative resources to protect databases.

To configure security in an embedded environment:
  1. Encrypt the database when you create it.
  2. Configure all security features as database-level properties. These properties are stored in the database (which is encrypted). See Scope of properties and Setting database-wide properties for more information.
  3. Turn on protection for database-level properties so that they cannot be overridden by system properties by setting the derby.database.propertiesOnly property to TRUE. See the Derby Reference Manual for details on this property.
  4. To prevent unauthorized users from accessing databases once they are booted, turn on user authentication for the database and configure user authorization for the database.
  5. If you are using Derby's built-in users, configure each user as a database-level property so that user names and passwords can be encrypted.
    Important: Derby's built-in authentication mechanism is suitable only for development and testing purposes. It is strongly recommended that production systems rely on LDAP or a user-defined class for authentication. It is also strongly recommended that production systems protect network connections with SSL/TLS.