AW: Use Apache Derby Network Server with encrypted database

2016-08-24 Thread Hohl, Gerrit
Hello Peter,

hello George,

 

thank you for your 2 mails. And sorry I didn't reply earlier.

Yes, I also realized that there is no difference between the embedded and the 
standalone version.

The only exception is that you have to put the encryption library in the 
CLASSPATH of the network server if you want to use one.

Everything else can be passed to the database via the connection.

 

About SSL: As I use it as a local database, but in a different process than 
then application (this way I can do some maintenance even independent from the 
application) I guess I don't need it.

Or let's put it this way: If a person is already on the machine and would be 
able to sniff the local IP traffic, that person may also have access on the 
files of Derby.

And somewhere there is also the password for the keystore as well as the path 
to the keystore which contains the certificate(s). I guess from there to the 
boot password it is only a short way.

Or I'm wrong?

 

For a database installed on a different machine I definitely would recommend 
using SSL, of course.

 

Thanks for your mails again. :-)

 

Gruß

Gerrit

 

Von: toma.georg...@yahoo.com [mailto:toma.georg...@yahoo.com] 
Gesendet: Mittwoch, 24. August 2016 22:13
An: derby-user@db.apache.org
Betreff: Re: Use Apache Derby Network Server with encrypted database

 

Hi Gerrit,

 

Based on Apache Derby page, between the embedded mode and network mode there is 
no difference, 
https://db.apache.org/derby/docs/10.0/manuals/admin/hubprnt19.html#Differences+between+running+Derby+in+embedded+mode+and+using+the+Network+Server

 

Have you tried to create an encrypted database via the network mode using the 
steps mentioned in your link ? It should work, otherwise can you please post 
your errors/stacktrace/exceptions.

 

What I did on my side to try your scenario :

1.  Start Apache Derby in network mode

2.  Create a dummy encrypted database and connect to it via ij:

a.   connect 
'jdbc:derby://localhost:1527/MyDbTest;create=true;dataEncryption=true';

3.  After that I’ve started to create tables and to execute SQL queries 
(select), just to play with the database.

4.  It worked, no difference between embedded vs network mode.

a.  Remember to append to the URL the host and the port where 
Apache Derby server is started ( in my case it was localhost : 1527).

 

What I’ve followed in order to achieve the above:

1.  http://db.apache.org/derby/papers/DerbyTut/ns_intro.html#ij_ns_client

2.  http://db.apache.org/derby/papers/DerbyTut/ij_intro.html#ij_connect

3.  https://db.apache.org/derby/docs/10.0/manuals/develop/develop15.html

4.  If you want a more custom example regarding the algorithm that can be 
used to encrypt the database, please have a look into this page :

a.  
https://db.apache.org/derby/docs/10.2/ref/rrefattribencryptkey.html

 

If you need more information, please let me know.

 

Regards,

George

 

 

Sent from Windows Mail

 

Von: Peter Ondruška [mailto:peter.ondru...@kaibo.eu] 
Gesendet: Mittwoch, 24. August 2016 12:32
An: Derby Discussion
Betreff: Re: Use Apache Derby Network Server with encrypted database

 

Dear Gerrit,

from my understanding the only difference with Derby network server and 
embedded is relevant part of connection string. The rest where you put 
parameters after semicolon and where you would specify encryption properties is 
the same. Just start network server and then connect using network url with 
decryption parameters, subsequent connections should also use those parameters 
because you do not know if database has already booted or not. I strongly 
recommend using SSL to connect to encrypted database ;)

 

On 24 August 2016 at 09:15, Hohl, Gerrit mailto:g.h...@aurenz.de> > wrote:

Hello everyone,

 

I've used Apache Derby for years now as an embedded RDBMS.

BTW: Thanks to all developer doing a great job developing this database system. 
:-D

 

But now I want to use it as a separate service running on Ubuntu Linux.

This is no problem.

 

But I haven't found any explanation or example how to create and use encrypted 
database if I'm running Derby as a service.

 

I found only this page:

https://db.apache.org/derby/docs/10.0/manuals/develop/develop115.html

But it seems it only deals with an embedded Derby version.

 

Regards,

Gerrit

 




-- 

Peter Ondruška


kaibo, s.r.o., ID 28435036, registered with the commercial register 
administered by the Municipal Court in Prague, section C, insert 141269.
Registered office and postal address: kaibo, s.r.o., Kališnická 379/10, Prague 
3, 130 00, Czech Republic.
https://www.kaibo.eu

 



Re: Use Apache Derby Network Server with encrypted database

2016-08-24 Thread toma.george89
Hi Gerrit,




Based on Apache Derby page, between the embedded mode and network mode there is 
no difference, 
https://db.apache.org/derby/docs/10.0/manuals/admin/hubprnt19.html#Differences+between+running+Derby+in+embedded+mode+and+using+the+Network+Server




Have you tried to create an encrypted database via the network mode using the 
steps mentioned in your link ? It should work, otherwise can you please post 
your errors/stacktrace/exceptions.


What I did on my side to try your scenario :

Start Apache Derby in network mode


Create a dummy encrypted database and connect to it via ij:


 connect 'jdbc:derby://localhost:1527/MyDbTest;create=true;dataEncryption=true';


After that I’ve started to create tables and to execute SQL queries (select), 
just to play with the database.


It worked, no difference between embedded vs network mode.


Remember to append to the URL the host and the port where Apache Derby server 
is started ( in my case it was localhost : 1527).



What I’ve followed in order to achieve the above:

http://db.apache.org/derby/papers/DerbyTut/ns_intro.html#ij_ns_client


http://db.apache.org/derby/papers/DerbyTut/ij_intro.html#ij_connect


https://db.apache.org/derby/docs/10.0/manuals/develop/develop15.html


If you want a more custom example regarding the algorithm that can be used to 
encrypt the database, please have a look into this page :


https://db.apache.org/derby/docs/10.2/ref/rrefattribencryptkey.html



If you need more information, please let me know.




Regards,

George








Sent from Windows Mail





From: Hohl, Gerrit
Sent: ‎Wednesday‎, ‎August‎ ‎24‎, ‎2016 ‎10‎:‎15‎ ‎AM
To: derby-user@db.apache.org






Hello everyone,

 

I've used Apache Derby for years now as an embedded RDBMS.

BTW: Thanks to all developer doing a great job developing this database system. 
:-D

 

But now I want to use it as a separate service running on Ubuntu Linux.

This is no problem.

 

But I haven't found any explanation or example how to create and use encrypted 
database if I'm running Derby as a service.

 

I found only this page:

https://db.apache.org/derby/docs/10.0/manuals/develop/develop115.html

But it seems it only deals with an embedded Derby version.

 

Regards,

Gerrit

Re: Use Apache Derby Network Server with encrypted database

2016-08-24 Thread Peter Ondruška
Dear Gerrit,

from my understanding the only difference with Derby network server and
embedded is relevant part of connection string. The rest where you put
parameters after semicolon and where you would specify encryption
properties is the same. Just start network server and then connect using
network url with decryption parameters, subsequent connections should also
use those parameters because you do not know if database has already booted
or not. I strongly recommend using SSL to connect to encrypted database ;)

On 24 August 2016 at 09:15, Hohl, Gerrit  wrote:

> Hello everyone,
>
>
>
> I've used Apache Derby for years now as an embedded RDBMS.
>
> BTW: Thanks to all developer doing a great job developing this database
> system. :-D
>
>
>
> But now I want to use it as a separate service running on Ubuntu Linux.
>
> This is no problem.
>
>
>
> But I haven't found any explanation or example how to create and use
> encrypted database if I'm running Derby as a service.
>
>
>
> I found only this page:
>
> https://db.apache.org/derby/docs/10.0/manuals/develop/develop115.html
>
> But it seems it only deals with an embedded Derby version.
>
>
>
> Regards,
>
> Gerrit
>
>
>



-- 
Peter Ondruška

-- 
kaibo, s.r.o., ID 28435036, registered with the commercial register 
administered by the Municipal Court in Prague, section C, insert 141269.
Registered office and postal address: kaibo, s.r.o., Kališnická 379/10, 
Prague 3, 130 00, Czech Republic.
https://www.kaibo.eu


Use Apache Derby Network Server with encrypted database

2016-08-24 Thread Hohl, Gerrit
Hello everyone,

 

I've used Apache Derby for years now as an embedded RDBMS.

BTW: Thanks to all developer doing a great job developing this database
system. :-D

 

But now I want to use it as a separate service running on Ubuntu Linux.

This is no problem.

 

But I haven't found any explanation or example how to create and use
encrypted database if I'm running Derby as a service.

 

I found only this page:

https://db.apache.org/derby/docs/10.0/manuals/develop/develop115.html

But it seems it only deals with an embedded Derby version.

 

Regards,

Gerrit