Topic
  • 4 replies
  • Latest Post - ‏2007-05-30T16:32:37Z by SystemAdmin
SystemAdmin
SystemAdmin
1525 Posts

Pinned topic Users in database

‏2007-03-18T17:22:07Z |
Hello,

I'm working on application to store some kind of medical data. Let say, that I would like to have these tables:
Users (to store users names, surnames, age and some settings),
Measurements (to store results)

Every row in Measurements table will be iditified by user ID.

I have problem with built-in authentication. Should I, when I'm creating new user, not only add this new user to the built-in repository(call syscs_util.syscs_set_database_property('derby.user.userName', 'userPassword')), but also somehow add him to the Users table? Basically, what I want to do, is to have user ID to address results. I hope you know what I mean, but if not I can provide some more pieces of information.

(I am a newbie in this area)

Regards,

Stanley
Updated on 2007-05-30T16:32:37Z at 2007-05-30T16:32:37Z by SystemAdmin
  • Jean_Anderson
    Jean_Anderson
    179 Posts

    Re: Users in database

    ‏2007-03-19T16:43:47Z  
    Hi, to enable builtin authentication, you need to first enable authentication and set the provider to BUILTIN:

    1) Enable authentication:codederby.connection.requireAuthentication=true[/code]http://db.apache.org/derby/docs/dev/devguide/cdevcsecure36127.html

    2) Set the provider to BUILTIN:codederby.authentication.provider=BUILTIN[/code]http://db.apache.org/derby/docs/dev/devguide/cdevcsecure21547.html

    Once you have done those two steps you can add your builtin users.

    Did you enable authentication and set the provider to BUILTIN?

    regards,

    -jean
  • SystemAdmin
    SystemAdmin
    1525 Posts

    Re: Users in database

    ‏2007-05-14T17:02:20Z  
    Hi, to enable builtin authentication, you need to first enable authentication and set the provider to BUILTIN:

    1) Enable authentication:codederby.connection.requireAuthentication=true[/code]http://db.apache.org/derby/docs/dev/devguide/cdevcsecure36127.html

    2) Set the provider to BUILTIN:codederby.authentication.provider=BUILTIN[/code]http://db.apache.org/derby/docs/dev/devguide/cdevcsecure21547.html

    Once you have done those two steps you can add your builtin users.

    Did you enable authentication and set the provider to BUILTIN?

    regards,

    -jean
    Thank you very much. Now it is OK.

    BTW: I bought a great book about IBM Cloudscape/Apache Derby:
    "Apache Derby - Off to the Races" by Paul C. Zikopoulos, Dan Scott and George Baklarz. The majority of this forum members should know about (or even have) this book already, but if there is anyone who would like to get know Cloudscape/Derby this book is just excellent :)

    Now, I would like to ask about something else:

    I plan to write a multiuser application, but I would not like to grant any of the users the administrative privileges. Every user (added using special form in my application) should be equal. No one should be able to see or modify other users results or database settings. I plan to dynamically create a root user (when my application will be launched for the first time). Root's user name and password will be created dynamically (current time multiplied by random value and SHA-256). This data will be stored in separate text file(encrypted) and it's content will be read by the application to enable adding new users.

    Is this solution good? Maybe there are others who encountered such a "problem" and could share their knowledge?

    Regards,

    Stanley
  • Stan
    Stan
    267 Posts

    Re: Users in database

    ‏2007-05-14T19:11:27Z  
    Thank you very much. Now it is OK.

    BTW: I bought a great book about IBM Cloudscape/Apache Derby:
    "Apache Derby - Off to the Races" by Paul C. Zikopoulos, Dan Scott and George Baklarz. The majority of this forum members should know about (or even have) this book already, but if there is anyone who would like to get know Cloudscape/Derby this book is just excellent :)

    Now, I would like to ask about something else:

    I plan to write a multiuser application, but I would not like to grant any of the users the administrative privileges. Every user (added using special form in my application) should be equal. No one should be able to see or modify other users results or database settings. I plan to dynamically create a root user (when my application will be launched for the first time). Root's user name and password will be created dynamically (current time multiplied by random value and SHA-256). This data will be stored in separate text file(encrypted) and it's content will be read by the application to enable adding new users.

    Is this solution good? Maybe there are others who encountered such a "problem" and could share their knowledge?

    Regards,

    Stanley
    Hi Stanley -

    I don't have experience in this area but wanted you to know that security features are big part of the upcoming Apache Derby release (10.3) and there has been many security discussions on the derby-dev list. I suggest you post your question there.

    My one question about your design is how you will implement the following:
    " No one should be able to see or modify other users results "
    Will each user store data/information in private tables?
  • SystemAdmin
    SystemAdmin
    1525 Posts

    Re: Users in database

    ‏2007-05-30T16:32:37Z  
    • Stan
    • ‏2007-05-14T19:11:27Z
    Hi Stanley -

    I don't have experience in this area but wanted you to know that security features are big part of the upcoming Apache Derby release (10.3) and there has been many security discussions on the derby-dev list. I suggest you post your question there.

    My one question about your design is how you will implement the following:
    " No one should be able to see or modify other users results "
    Will each user store data/information in private tables?
    > Hi Stanley -
    >
    > I don't have experience in this area but wanted you
    > to know that security features are big part of the
    > upcoming Apache Derby release (10.3) and there has
    > been many security discussions on the derby-dev list.
    > I suggest you post your question there.

    Hi,

    Thanks for the reply.

    I will post this question to the derby-user mailing list and provide a link here.

    > My one question about your design is how you will
    > implement the following:
    > " No one should be able to see or modify other users
    > results "
    > Will each user store data/information in private
    > tables?

    I plan to encrypt a database so only my application will be able to boot it.
    Then, application itself, will be controlling Access to the propriate pieces of data. It should be easy when we take into account that my application is using built-in driver (no network connection at all, database is integrated with application).

    Regards,

    Stanley