Rick, I’d vote for secure by default in v.11. Thanks
On Mon, Sep 19, 2011 at 6:39 PM, Rick Hillegas <rick.hille...@oracle.com> wrote: > The Derby developers are considering introducing a single master security > property. Turning this property on will enable most Derby security > mechanisms: > > 1) Authentication - Will be on, requiring username/password credentials at > connection time. Derby will supply a default authentication mechanism. > > 2) SQL authorization - Will be on, hiding a user's data from other people. > In addition, Derby will support more SQL Standard protections for Java > routines. > > 3) File permissions - Will be tightened as described by DERBY-5363. > > 4) PUBLIC -This keyword will not be allowed as a user name. > > 5) SSL/TLS encryption - Will shield client/server traffic. > > 6) Server administration - Will require credentials. > > When the property is off, Derby will behave as it does today: > Authentication, authorization, and network encryption will be off, file > permissions will inherit defaults from the account which runs the VM, PUBLIC > will be a legal user name, and server administration won't need credentials. > > This new master property will make it easier to configure a more secure > application. We want to introduce the property in an upcoming 10.x release, > where it will default to being off. That means that it won't cause > compatibility problems. > > Later on, we might change the default for this property so that it would > normally be turned on. This would make Derby more secure out of the box at > the cost of breaking existing applications. Many applications would need to > explicitly turn the property off in order to run as they did previously. > Release notes would document this behavioral change and we would bump the > major release id from 10 to 11 in order to call attention to the change. > > We would like your feedback on this trade-off between security out of the > box versus disruption. Should this extra security be enabled by default? > > Thanks, > -Rick > >