I'm working on application to store some kind of medical data. Let say, that I would like to have these tables:
Users (to store users names, surnames, age and some settings),
Measurements (to store results)
Every row in Measurements table will be iditified by user ID.
I have problem with built-in authentication. Should I, when I'm creating new user, not only add this new user to the built-in repository(call syscs_util.syscs_set_database_property('derby.user.userName', 'userPassword')), but also somehow add him to the Users table? Basically, what I want to do, is to have user ID to address results. I hope you know what I mean, but if not I can provide some more pieces of information.
(I am a newbie in this area)
This topic has been locked.
4 replies Latest Post - 2007-05-30T16:32:37Z by SystemAdmin
Pinned topic Users in database
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2007-05-30T16:32:37Z at 2007-05-30T16:32:37Z by SystemAdmin
Jean_Anderson 120000E4UY179 PostsACCEPTED ANSWER
Re: Users in database2007-03-19T16:43:47Z in response to SystemAdminHi, to enable builtin authentication, you need to first enable authentication and set the provider to BUILTIN:
1) Enable authentication:codederby.connection.requireAuthentication=true[/code]http://db.apache.org/derby/docs/dev/devguide/cdevcsecure36127.html
2) Set the provider to BUILTIN:codederby.authentication.provider=BUILTIN[/code]http://db.apache.org/derby/docs/dev/devguide/cdevcsecure21547.html
Once you have done those two steps you can add your builtin users.
Did you enable authentication and set the provider to BUILTIN?
Re: Users in database2007-05-14T17:02:20Z in response to Jean_AndersonThank you very much. Now it is OK.
BTW: I bought a great book about IBM Cloudscape/Apache Derby:
"Apache Derby - Off to the Races" by Paul C. Zikopoulos, Dan Scott and George Baklarz. The majority of this forum members should know about (or even have) this book already, but if there is anyone who would like to get know Cloudscape/Derby this book is just excellent :)
Now, I would like to ask about something else:
I plan to write a multiuser application, but I would not like to grant any of the users the administrative privileges. Every user (added using special form in my application) should be equal. No one should be able to see or modify other users results or database settings. I plan to dynamically create a root user (when my application will be launched for the first time). Root's user name and password will be created dynamically (current time multiplied by random value and SHA-256). This data will be stored in separate text file(encrypted) and it's content will be read by the application to enable adding new users.
Is this solution good? Maybe there are others who encountered such a "problem" and could share their knowledge?
Stan 120000HAGM267 PostsACCEPTED ANSWER
Re: Users in database2007-05-14T19:11:27Z in response to SystemAdminHi Stanley -
I don't have experience in this area but wanted you to know that security features are big part of the upcoming Apache Derby release (10.3) and there has been many security discussions on the derby-dev list. I suggest you post your question there.
My one question about your design is how you will implement the following:
" No one should be able to see or modify other users results "
Will each user store data/information in private tables?
Re: Users in database2007-05-30T16:32:37Z in response to Stan> Hi Stanley -
> I don't have experience in this area but wanted you
> to know that security features are big part of the
> upcoming Apache Derby release (10.3) and there has
> been many security discussions on the derby-dev list.
> I suggest you post your question there.
Thanks for the reply.
I will post this question to the derby-user mailing list and provide a link here.
> My one question about your design is how you will
> implement the following:
> " No one should be able to see or modify other users
> results "
> Will each user store data/information in private
I plan to encrypt a database so only my application will be able to boot it.
Then, application itself, will be controlling Access to the propriate pieces of data. It should be easy when we take into account that my application is using built-in driver (no network connection at all, database is integrated with application).