Introduction to security features

Because databases may contain proprietary, confidential, or private information, it is very important that the database and the data in it are designed for security.

SQL Anywhere has several features to assist in building a secure environment for your data:

  • User identification and authentication   These features control who has access to a database. See Creating new users.

  • Discretionary access control features   These features control the actions a user can perform while connected to a database. See Database permissions and authorities overview.

  • Auditing   This feature helps you maintain a record of actions on the database. See Auditing database activity.

  • Database server options   These features let you control who can perform administrative operations (for example, loading databases). These options are set when you start the database server. See Controlling permissions from the command line.

  • Views and stored procedures   These features allow you to specify the data a user can access and the operations a user can execute. See Using views and procedures for extra security.

  • Database and table encryption   You can secure your database with either simple encryption or strong encryption. Simple encryption is equivalent to obfuscation. Strong encryption renders the database completely inaccessible without an encryption key. See -ek database option and DatabaseKey connection parameter [DBKEY].

    Table encryption features allow you to encrypt individual tables, instead of encrypting the entire database. See Table encryption.

  • Transport-layer security   You can use transport-layer security to authenticate communications between client applications and the database server. Transport-layer security uses elliptic-curve or RSA encryption technology. See Transport-layer security.

    Note

    If you are concerned that other processes on the computer running the database server can access the contents of your client/server communications, it is recommended that you use encryption.

    Separately licensed component required

    ECC encryption and FIPS-certified encryption require a separate license. All strong encryption technologies are subject to export regulations.

    See Separately licensed components.

  • Secured features   You can disable features for all databases running on a database server.

  • SELinux support   SELinux policies control an application's access to system resources. SQL Anywhere includes a policy that secures it on Red Hat Enterprise Linux 5.

    For information about compiling and installing the SQL Anywhere SELinux policy, see install-dir/selinux/readme.

Database administrators are responsible for data security. In this chapter, unless otherwise noted, you require DBA authority to perform the tasks described.

User IDs and permissions are security-related topics. See Managing user IDs, authorities, and permissions.