Keeping your Windows Mobile database secure

This section describes SQL Anywhere features that help make your Windows Mobile database secure. In particular, this section describes auditing, database encryption, and presents overviews of other security features, providing links to where you can find more information.

Many of the SQL Anywhere security features for Windows desktop platforms are supported on Windows Mobile, such as database file encryption and simple communication encryption, or have modified support, such as the Log Translation utility.

Databases running on Windows Mobile use the same user identification and authorization features as databases running on Windows desktop platforms. These features control who can access the database and what actions those users can perform. See Controlling database access.

Windows Mobile device security

If you are storing sensitive data on your Windows Mobile device, you may want to use the security features provided for your Windows Mobile device.

For more information about available security features, see the User's Manual provided with your Windows Mobile device.

Database server options

Server options allow you to control who can perform certain operations on the server.

These options are set in the Options field of the Server Startup Options window when you start the database on your Windows Mobile device.

For more information, see Controlling permissions from the command line.

For information about setting options on Windows Mobile, see Specifying server options on Windows Mobile.

Auditing

This feature uses the transaction log to maintain a detailed record of actions on the database.

The Log Translation utility (dbtran) is used to translate the information stored in the transaction log, including auditing information. The dbtran utility is not supported on Windows Mobile, so you cannot translate a log stored on a Windows Mobile device. Copy the transaction log file to your PC to use this utility.

For more information, see Auditing database activity.

Database encryption on Windows Mobile

Database encryption features allow you to choose the level of database encryption. You can choose to secure your database either with simple encryption, or with strong encryption. SQL Anywhere supports both simple and strong encryption on Windows Mobile.

Simple encryption   This level of encryption is equivalent to obfuscation and makes it more difficult for someone using a disk utility to look at the file to decipher the data in your database. Simple encryption does not require a key to encrypt the database.

Simple encryption technology is supported in previous versions of SQL Anywhere.

Strong encryption   This level of encryption obfuscates the information contained in your database and transaction log files so they cannot be deciphered simply by looking at the files using a disk utility. Strong encryption renders the database completely inaccessible without the key. On Windows Mobile, the AES_FIPS and AES256_FIPS algorithms are only supported with ARM processors.

For more information, see Encrypting and decrypting a database.

Communication encryption and Windows Mobile

You can encrypt client/server communications for greater security as they pass over the network. SQL Anywhere provides two types of communication encryption: simple and strong.

Simple communication encryption accepts communication packets that are encrypted with simple encryption. This level of communication encryption is supported on all platforms, including Windows Mobile and on previous versions of SQL Anywhere.

Strong communication encryption is not available on Windows Mobile.

For more information about encrypting communications, see Encryption connection parameter [ENC].