Security

Following is a list of security enhancements introduced in SQL Anywhere version 11.0.0.

  • ISYSUSER and ISYSEXTERNLOGIN system tables are now encrypted when table encryption is enabled   Previously, when encrypting a database, or when creating a database with table encryption enabled, the ISYSCOLSTAT system table was automatically encrypted. Now, the ISYSUSER and ISYSEXTERNLOGIN system tables are also encrypted, to provide additional security.

  • Auditing enhancements   Now, auditing can be controlled through Sybase Central. From the Database Properties window, users with DBA authority can enable auditing, disable auditing, and specify which information they want to audit. Auditing information can be viewed in Sybase Central on the Auditing tab in the right pane. See Controlling auditing and Retrieving auditing information.

    When auditing is enabled, errors for failed connections are now logged, indicating the reason for the failure.

  • 256-bit AES encryption now supported   SQL Anywhere now supports 256-bit AES encryption for databases, tables, files, and data. This enhancement impacts several areas, as noted below:

    • Database and table encryption   You can now specify AES256 and AES256_FIPS for the ENCRYPTION clause of the CREATE DATABASE statement. See CREATE DATABASE statement.

      You can also specify AES256 and AES256_FIPS for the -ea option of the Initialization utility (dbinit) and Unload utility (dbunload). See Initialization utility (dbinit) and Unload utility (dbunload).

    • FIPS-approved algorithms   You can now use a 256-bit FIPS-approved AES algorithm on a FIPS-enabled platform. See -fips dbeng12/dbsrv12 server option.

    • Encrypting and decrypting data   When encrypting data using the ENCRYPT and DECRYPT functions, you can now specify AES256 and AES256_FIPS. See ENCRYPT function [String] and DECRYPT function [String].

    • Creating encrypted copies of databases, transaction logs, and dbspaces   When creating an encrypted copy of an encrypted or unencrypted database, transaction log, or dbspace using the CREATE ENCRYPTED FILE statement, you can now specify a 256-bit AES algorithm (AES256 or AES256_FIPS). See CREATE ENCRYPTED FILE statement.

    • DBTools support for 256-bit AES encryption   The a_create_db and an_unload_db structures have been extended to support AES256 and AES256_FIPS as values for the encryption_algorithm member. See a_create_db structure and an_unload_db structure.

    See also:

  • Password encryption supported for jConnect and Open Client   Password encryption is now supported for jConnect and Open Client connections. See: