Data security

Because databases may contain proprietary, confidential, or private information, it is important to design both the database and the data in it for security.

SQL Anywhere has several features to assist in building a secure environment for your data:

  • User identification and authentication   These features control who has access to a database. See New user creation.

  • Discretionary access control features   These features control the actions a user can perform while connected to a database. See User IDs, authorities, and permissions.

  • Auditing   This feature helps you maintain a record of actions on the database. See Database activity audits.

  • Database server options   These features let you control who can perform administrative operations (for example, loading databases). These options are set when you start the database server. See Controlling permissions from the command line.

  • Views and stored procedures   These features allow you to specify the data a user can access and the operations a user can execute. See Views and procedures for extra security.

  • Database and table encryption   You can choose to secure your database either with simple encryption, or with strong encryption. Simple encryption is equivalent to obfuscation. Strong encryption renders the database completely inaccessible without an encryption key. See -ek dbeng12/dbsrv12 database option and DatabaseKey (DBKEY) connection parameter.

    Table encryption features allow you to encrypt individual tables, instead of encrypting the entire database. See Table encryption.

  • Transport-layer security   You can use transport-layer security to authenticate communications between client applications and the database server. Transport-layer security uses elliptic-curve or RSA encryption technology. See Transport-layer security.

    Note

    If you are concerned that other processes on the computer running the database server could access the contents of your client/server communications, it is recommended that you use encryption.

    Note

    Separately licensed component required.

    ECC encryption and FIPS-certified encryption require a separate license. All strong encryption technologies are subject to export regulations.

    See Separately licensed components.

  • Secured features   You can disable features for all databases running on a database server.

  • SELinux support   SELinux policies control an application's access to system resources. SQL Anywhere includes a policy that secures it on Red Hat Enterprise Linux 5.

    For information about compiling and installing the SQL Anywhere SELinux policy, see $SQLANY12/selinux/readme.

Database administrators are responsible for data security. In this section, unless otherwise noted, you require DBA authority to perform the tasks described.

User IDs and permissions are security-related topics. See User IDs, authorities, and permissions.


Security tips
Database access
Database activity audits
Securing the database server
Database encryption and decryption
Windows Mobile database security