> Hi Knut,
> Thanks for your response. I tried setting the properties with derby completely lowercase and still don't seem to be having much luck with what I am trying to do.
> I have tried this a few different ways. Let me try to step through what I'm doing (and trying to do) and maybe you'll catch where I am going wrong:
> Here's what my derby.properties looks like (with auth disabled and the system level user disabled).
> We have Derby running inside of a Tomcat process/service. I use RazorSQL as my interface to Derby.
> So today I tried:
> 1. Create database/user via the connection string:
> without specifying a username/password in the RazorSQL connection profile. This works.
> 2. Modify the profile to use the mdb user/pass and remove the connection string parameters and connect. This works.
> 3. Issue the following to Derby while logged in as MasterDB:
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.propertiesOnly','true');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.connection.requireAuthentication', 'true');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.provider', 'BUILTIN');
> This works, and I can still log in.
When I perform the above steps, I'm not able to log into the database at
If I additionally do
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.mdb', 'mdb');
, I can only connect with that user/pass.
Here's from the ij session:
ij> connect 'jdbc:derby:mdb;create=true;user=mdb;password=mdb';
When using the BUILTIN scheme, users defined in derby.properties are
system-wide, whereas users defined as database properties are specific
to that database.
> *However* what I want at this point is for no one else to be able to log in access this database or issue commands to Derby besides the "mdb" user that I created. My thought was to I enable authentication in derby.properties. However this then disallows access to the "mdb" user (I assume because the settings in derby.properies supercede the database level properties).
> So either I am doing something wrong, or what I want to do is not possible in Derby.
> Can I have a single database user that can log in and act against a single database schema without having a user declared in derby.properties in plain text. And can I deny access to Derby/schema to everyone else? If this is possible, can someone walk me through the steps to accomplish it.
> Rob DiPietro
> -----Original Message-----
> From: Knut Anders Hatlen [mailto:knut.hatlen@...]
> Sent: Saturday, January 14, 2012 7:37 AM
> To: Derby Discussion
> Subject: Re: Authentication and passwords in derby.properties
> Robert DiPietro<Robert.DiPietro@...> writes:
>> I have been deving against a Derby DB on which requireAuthentication
>> is true, the provider is built-in, and all users have been defined in
>> the derby.properties file (so they are all system level users). This
>> has been extremely convenient in development, however there are
>> obvious concerns about having the password stored in plaintext in a
>> Is it possible to require authentication in built-in mode, but have no
>> system level users defined in derby.properties, rather only defined at
>> database level (stored internally on the database)?
>> For example, I have tried disabling requireAuthentication, logging in
>> to the system, creating a db, and then creating a user against it
>> using these commands:
>> ,'true'); CALL
>> tication', 'true'); CALL
>> , 'BUILTIN'); CALL
>> Which seems to work, but then if I enable requireAuthentication in
>> derby.properties, I can no longer log in.
> Hi Robert,
> The property names should start with 'derby' (all lowercase), not 'Derby'. Does it work as expected if you change the case of the initial letter?
> Knut Anders