I'm working on application to store some kind of medical data. Let say, that I would like to have these tables:
Users (to store users names, surnames, age and some settings),
Measurements (to store results)
Every row in Measurements table will be iditified by user ID.
I have problem with built-in authentication. Should I, when I'm creating new user, not only add this new user to the built-in repository(call syscs_util.syscs_set_database_property('derby.user.userName', 'userPassword')), but also somehow add him to the Users table? Basically, what I want to do, is to have user ID to address results. I hope you know what I mean, but if not I can provide some more pieces of information.
(I am a newbie in this area)
Jean_Anderson 120000E4UY179 Posts
Re: Users in database2007-03-19T16:43:47ZThis is the accepted answer. This is the accepted answer.Hi, to enable builtin authentication, you need to first enable authentication and set the provider to BUILTIN:
1) Enable authentication:codederby.connection.requireAuthentication=true[/code]http://db.apache.org/derby/docs/dev/devguide/cdevcsecure36127.html
2) Set the provider to BUILTIN:codederby.authentication.provider=BUILTIN[/code]http://db.apache.org/derby/docs/dev/devguide/cdevcsecure21547.html
Once you have done those two steps you can add your builtin users.
Did you enable authentication and set the provider to BUILTIN?
Re: Users in database2007-05-14T17:02:20ZThis is the accepted answer. This is the accepted answer.
- Jean_Anderson 120000E4UY
BTW: I bought a great book about IBM Cloudscape/Apache Derby:
"Apache Derby - Off to the Races" by Paul C. Zikopoulos, Dan Scott and George Baklarz. The majority of this forum members should know about (or even have) this book already, but if there is anyone who would like to get know Cloudscape/Derby this book is just excellent :)
Now, I would like to ask about something else:
I plan to write a multiuser application, but I would not like to grant any of the users the administrative privileges. Every user (added using special form in my application) should be equal. No one should be able to see or modify other users results or database settings. I plan to dynamically create a root user (when my application will be launched for the first time). Root's user name and password will be created dynamically (current time multiplied by random value and SHA-256). This data will be stored in separate text file(encrypted) and it's content will be read by the application to enable adding new users.
Is this solution good? Maybe there are others who encountered such a "problem" and could share their knowledge?
Stan 120000HAGM267 Posts
Re: Users in database2007-05-14T19:11:27ZThis is the accepted answer. This is the accepted answer.
- SystemAdmin 110000D4XK
I don't have experience in this area but wanted you to know that security features are big part of the upcoming Apache Derby release (10.3) and there has been many security discussions on the derby-dev list. I suggest you post your question there.
My one question about your design is how you will implement the following:
" No one should be able to see or modify other users results "
Will each user store data/information in private tables?
Re: Users in database2007-05-30T16:32:37ZThis is the accepted answer. This is the accepted answer.
- Stan 120000HAGM
> I don't have experience in this area but wanted you
> to know that security features are big part of the
> upcoming Apache Derby release (10.3) and there has
> been many security discussions on the derby-dev list.
> I suggest you post your question there.
Thanks for the reply.
I will post this question to the derby-user mailing list and provide a link here.
> My one question about your design is how you will
> implement the following:
> " No one should be able to see or modify other users
> results "
> Will each user store data/information in private
I plan to encrypt a database so only my application will be able to boot it.
Then, application itself, will be controlling Access to the propriate pieces of data. It should be easy when we take into account that my application is using built-in driver (no network connection at all, database is integrated with application).