Paul Byford wrote:
> hi,
> i intend to deploy derby in embedded form as part of an application. to
> protect the data i would like to use the disk encryption feature.
>
> the issue i have is that for my application to have access to the
> encrypted database data I must also deploy the bootPassword with the
> application in among one of my application java classes. i am concerned
> someone with access to the java classes will have access to the
> password, and if they desire they can therefore access the encrypted
> database.
>
> my requirement is that the data is only made available if the
> bootPassword is provided by my application.
>
> is this possible in derby at present? the documentation does not
> explicitly cover this.

Yes, typically your application gets the boot password or encryption key from somewhere and creates a connection request of the correct form using it. Hard-coding the boot password or an encryption key in your application code is not secure.

The typical places to get the boot password or key are:

- prompting the user (boot password)
- encryption key from a smart card
- encryption key from a secure key store

Typically all of these require some user interaction, e.g. the PIN for the smart card, pass phrase for the secure key store.

The presentation Sunitha pointed you to has examples of the JDBC code required to present the key or password to Derby.

Dan.
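
The first option in the reply above (prompting the user for the boot password at startup instead of compiling it into a class), as an added example that is not part of the original thread or of the presentation it mentions. The class name, the database name `encryptedDB` and the `--create` argument are assumptions made for this example; it also assumes the Derby embedded driver is on the classpath.

```java
import java.io.Console;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Properties;

public class EncryptedDerbyBoot {
    // Hypothetical database name, chosen for this example.
    private static final String DB_URL = "jdbc:derby:encryptedDB";

    // Boots (or, with create=true, creates) the encrypted database using a
    // password supplied at run time. Nothing secret lives in the class file.
    static Connection open(char[] bootPassword, boolean create) throws SQLException {
        if (bootPassword == null || bootPassword.length < 8) {
            throw new IllegalArgumentException("boot password must be at least 8 characters");
        }
        // Attributes go in a Properties object rather than in the URL string,
        // so the password does not end up in a logged or displayed URL.
        Properties attrs = new Properties();
        // JDBC needs a String here, so one immutable copy is unavoidable.
        attrs.setProperty("bootPassword", new String(bootPassword));
        if (create) {
            attrs.setProperty("create", "true");
            attrs.setProperty("dataEncryption", "true");
        }
        return DriverManager.getConnection(DB_URL, attrs);
    }

    public static void main(String[] args) throws SQLException {
        Console console = System.console();
        if (console == null) {
            // No terminal attached: fail closed instead of falling back to a
            // password stored in a file, argument or constant.
            throw new IllegalStateException("interactive console required");
        }
        char[] pw = console.readPassword("Database boot password: ");
        if (pw == null) {
            throw new IllegalStateException("no password entered");
        }
        boolean create = args.length > 0 && args[0].equals("--create");
        try (Connection conn = open(pw, create)) {
            System.out.println("Database booted.");
        } finally {
            Arrays.fill(pw, '\0'); // wipe the copy this code controls
        }
    }
}
```

A wrong password surfaces as an `SQLException` from `getConnection`, so the data stays unreadable to anyone who has the class files but not the password.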