Following is a list of security enhancements introduced in SQL Anywhere version 11.0.0.
ISYSUSER and ISYSEXTERNLOGIN system tables are now encrypted when table encryption is enabled Previously, when encrypting a database, or when creating a database with table encryption enabled, the ISYSCOLSTAT system table was automatically encrypted. Now, the ISYSUSER and ISYSEXTERNLOGIN system tables are also encrypted, to provide additional security.
Auditing enhancements Now, auditing can be controlled through Sybase Central. From the Database Properties window, users with DBA authority can enable auditing, disable auditing, and specify which information they want to audit. Auditing information can be viewed in Sybase Central on the Auditing tab in the right pane. See Controlling auditing and Retrieving auditing information.
When auditing is enabled, errors for failed connections are now logged, indicating the reason for the failure.
256-bit AES encryption now supported SQL Anywhere now supports 256-bit AES encryption for databases, tables, files, and data. This enhancement impacts several areas, as noted below:
Database and table encryption You can now specify AES256 and AES256_FIPS for the ENCRYPTION clause of the CREATE DATABASE statement. See CREATE DATABASE statement.
You can also specify AES256 and AES256_FIPS for the -ea option of the Initialization utility (dbinit) and Unload utility (dbunload). See Initialization utility (dbinit) and Unload utility (dbunload).
FIPS-certified algorithms You can now use 256-bit FIPS-certified AES algorithms. See -fips dbeng12/dbsrv12 server option.
Encrypting and decrypting data When encrypting data using the ENCRYPT and DECRYPT functions, you can now specify AES256 and AES256_FIPS. See ENCRYPT function [String] and DECRYPT function [String].
Creating encrypted copies of databases, transaction logs, and dbspaces When creating an encrypted copy of an encrypted or unencrypted database, transaction log, or dbspace using the CREATE ENCRYPTED FILE statement, you can now specify a 256-bit AES algorithm (AES256 or AES256_FIPS). See CREATE ENCRYPTED FILE statement.
DBTools support for 256-bit AES encryption The a_create_db and an_unload_db structures have been extended to support AES256 and AES256_FIPS as values for the encryption_algorithm member. See a_create_db structure [database tools] and an_unload_db structure [database tools].
See also:
Password encryption supported for jConnect and Open Client Password encryption is now supported for jConnect and Open Client connections. See:
Discuss this page in DocCommentXchange.
|
Copyright © 2012, iAnywhere Solutions, Inc. - SQL Anywhere 12.0.1 |