You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-user@db.apache.org by running <ru...@gmail.com> on 2010/09/02 03:49:12 UTC
Derby and security
Hello,
I have a question. I use Derby in my own client/server application. I
use Java Persistence API on the client; I authenticate user through
name and password. The data go through the internet.
However, I am not sure if the data itself (meaning queries and, more
importantly, results set), that go through the network, which is by
definition not secure, are encrypted or not. And if they are not
encrypted, how to make them.
I simply don't want anyone in the middle listen to the data. I cannot
find more info, so maybe the answer is trivial.
Thanks,
Karel Bilek
Re: Derby and security
Posted by Knut Anders Hatlen <kn...@oracle.com>.
running <ru...@gmail.com> writes:
> Hello,
>
> I have a question. I use Derby in my own client/server application. I
> use Java Persistence API on the client; I authenticate user through
> name and password. The data go through the internet.
>
> However, I am not sure if the data itself (meaning queries and, more
> importantly, results set), that go through the network, which is by
> definition not secure, are encrypted or not. And if they are not
> encrypted, how to make them.
>
> I simply don't want anyone in the middle listen to the data. I cannot
> find more info, so maybe the answer is trivial.
Hi Karel,
If you want to encrypt the network traffic, you need to set up the
server and the clients to use SSL/TLS. This section in the admin guide
is a good starting point:
http://db.apache.org/derby/docs/10.6/adminguide/cadminssl.html
Hope this helps,
--
Knut Anders