This section explains the enhancements made to SQL Anywhere to improve security.
RSA now included with SQL Anywhere You no longer have to purchase a separate license to use RSA encryption. See Separately licensed components.
Enhancements to FIPS support The following FIPS-related changes have been made to the database server:
The FIPS DLL has been renamed to dbfips10.dll. In version 9.0, it was called dbrsa9f.dll.
The HASH function now accepts two new algorithms: SHA1_FIPS and SHA256_FIPS. These are the same as the SHA1 and SHA256 algorithms, but are the FIPS-validated Certicom versions.
If the -fips server option is specified and a non-FIPS algorithm is given to the HASH function, the database server uses SHA1_FIPS instead of SHA1, SHA256_FIPS instead of SHA256, and returns an error if MD5 is used (MD5 is not a FIPS algorithm).
If the -fips option is specified, the database server uses SHA256_FIPS for password hashing.
Also, the -fips option and FIPS functionality are now available on more platforms. To see the list of platforms on which the -fips option is supported, see Supported platforms.
Kerberos authentication SQL Anywhere now supports Kerberos authentication. Kerberos authentication lets you use your Kerberos credentials to connect to the database without specifying a user ID or password. See Kerberos authentication.
New authorities added The following authorities have been added:
BACKUP authority You can assign BACKUP authority to a user so that they can perform backups, instead of granting the user DBA authority. See BACKUP authority.
VALIDATE authority A new authority for validation operations, VALIDATE, has been added. VALIDATE authority is required to perform the operations executed by the different VALIDATE statements, such as database, table, index, and checksum validation. See VALIDATE authority.
Securing features for a database server The -sf database server option lets you specify features, or groups of features, that are secured (disabled) for databases running on the database server. See -sf dbeng12/dbsrv12 server option.
The -sk server option lets you specify a key that can be used to enable disabled features when used with the secure_feature_key database option. You can also change the set of disabled features using the sa_server_option system procedure SecureFeatures property. See -sk dbeng12/dbsrv12 server option.
 |
Discuss this page in DocCommentXchange.
|
Copyright © 2010, iAnywhere Solutions, Inc. - SQL Anywhere 12.0.0 |