Derby and security

[running <ru...@gmail.com>]

Hello,

I have a question. I use Derby in my own client/server application. I
use Java Persistence API on the client; I authenticate user through
name and password. The data go through the internet.

However, I am not sure if the data itself (meaning queries and, more
importantly, results set), that go through the network, which is by
definition not secure, are encrypted or not. And if they are not
encrypted, how to make them.

I simply don't want anyone in the middle listen to the data. I cannot
find more info, so maybe the answer is trivial.

Thanks,
Karel Bilek

Re: Derby and security

[Knut Anders Hatlen <kn...@oracle.com>]

running <ru...@gmail.com> writes:

> Hello,
>
> I have a question. I use Derby in my own client/server application. I
> use Java Persistence API on the client; I authenticate user through
> name and password. The data go through the internet.
>
> However, I am not sure if the data itself (meaning queries and, more
> importantly, results set), that go through the network, which is by
> definition not secure, are encrypted or not. And if they are not
> encrypted, how to make them.
>
> I simply don't want anyone in the middle listen to the data. I cannot
> find more info, so maybe the answer is trivial.

Hi Karel,

If you want to encrypt the network traffic, you need to set up the
server and the clients to use SSL/TLS. This section in the admin guide
is a good starting point:

http://db.apache.org/derby/docs/10.6/adminguide/cadminssl.html

Hope this helps,

-- 
Knut Anders