Turn on protection for database-level properties so that they cannot
be overridden by system properties by setting the derby.database.propertiesOnly property
to TRUE. See the Java DB Reference Manual for details
on this property.
To prevent unauthorized users from accessing databases once they
are booted, turn on user authentication for the database and configure user
authorization for the database.
If you are using Derby's
built-in users, configure each user as a database-level property so that user
names and passwords can be encrypted.
built-in authentication mechanism is suitable only for development and testing
purposes. It is strongly recommended that production systems rely on LDAP or a
user-defined class for authentication. It is also strongly recommended that
production systems protect network connections with SSL/TLS.