Advantage provides security for your data in a number of important ways. Some of these are associated with how Advantage transmits data across the network, and others are associated with access rights conferred by a data dictionary. But the most fundamental of data security features is provided at the table level. Specifically, individual tables can be encrypted with a password.
When a table is encrypted with a password, both the table and its memo file are encoded using the password. (If you are using a data dictionary and ADT tables, it is possible to also have the index encrypted.) The effect of this encoding is that the raw table and memo files appear scrambled to anyone who attempts to view their contents. Without encryption, it would be possible for someone with a file viewer, or even Windows Notepad (for small tables), to open the table and view its contents.
Once the table is encrypted, you must provide the password for the table each time the table is opened. For database tables, which can only be accessed through a data dictionary, the data dictionary supplies the password automatically. Note, however, that a data dictionary itself provides security, and when the data dictionary is configured correctly, you will not be able to access the data dictionary without supplying a user name and password. The data dictionary user name and password are separate from a table's password.
If you want to view an encrypted free table using the Advantage Data Architect, you will be prompted for the password when you open the table. Similarly, before an encrypted table can be accessed from a client application, that application must submit the password.
How you submit a table's password from a client application depends on the data access mechanism you are using. For example, if you are using the ACE API, you must make a call to AdsEnableEncryption (for Advantage tables) or AdsStmtSetTablePassword (for executing SQL statements against the table), passing the table name or handle and the password as the arguments to the function call. You need to make one of these calls once per Advantage table, prior to accessing it.
Advantage provides the capability to encrypt tables and associated data. Data encryption is just one part of the process of creating a secure system. The following are some of the steps that can be taken to secure a database:
· Restrict physical access: Prevent direct user access by keeping all data on a physically remote server and using Advantage Database Server to access the data.
· Use access controls: Use a data dictionary with user logins to restrict who can connect to the database.
· Permissions: Use database roles and assign user and group permissions to fine-tune levels of access that users can have.
· Require logins: Disable free connections on the Advantage Database Server to force all connections to authenticate through a data dictionary.
· Encrypt communications: Enable encryption of communications between the client and server application, either with Transport Layer Security (TLS), available beginning in v10.1, or with the existing encryption available with both UDP and TCP/IP communications.
· If requirements call for it, enable FIPS mode to ensure that only encryption algorithms approved for the Federal Information Processing Standard (FIPS) 140-2 are used.
· Encrypt data: Enable table encryption at the data dictionary level or in individual free tables.
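A check you can run after enabling table encryption, given here as an added example and not code from Advantage or its documentation: it scans raw table, memo and index files for known record values ("canaries") that a file viewer would reveal if a file were still stored in the clear. The extension list, the canary values and the XOR-scrambled sample file are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# Assumed extensions for table, memo and index files; adjust to your deployment.
TABLE_EXTS = {".adt", ".adm", ".adi", ".dbf", ".fpt", ".cdx"}

def encodings_of(value):
    """Byte forms a file viewer could reveal: single-byte text and UTF-16LE."""
    forms = {value.encode("latin-1", "ignore"), value.encode("utf-16-le")}
    return {f for f in forms if f}

def find_plaintext(path, canaries, chunk=1 << 20):
    """Return the canary values that appear verbatim in the raw file."""
    needles = {c: encodings_of(c) for c in canaries}
    lengths = [len(f) for forms in needles.values() for f in forms]
    if not lengths:
        return set()
    overlap = max(lengths) - 1  # bytes carried over so matches can span chunks
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            window = tail + block
            for canary, forms in needles.items():
                if any(f in window for f in forms):
                    found.add(canary)
            tail = window[-overlap:] if overlap else b""
    return found

def audit_directory(root, canaries):
    """Map each table-related file under root to the canaries readable in it."""
    report = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and p.suffix.lower() in TABLE_EXTS:
            hits = find_plaintext(p, canaries)
            if hits:
                report[p.name] = sorted(hits)
    return report

def demo():
    """Constructed sample: one plaintext file and one scrambled stand-in."""
    record = b"\x00" * 32 + "Maria Gonzalez".encode() + b" " * 10 + b"4111-0000"
    # XOR with a fixed byte only stands in for "scrambled"; it is not Advantage's cipher.
    scrambled = bytes(b ^ 0xA5 for b in record)
    with tempfile.TemporaryDirectory() as d:
        Path(d, "customers_plain.adt").write_bytes(record)
        Path(d, "customers_enc.adt").write_bytes(scrambled)
        return audit_directory(d, ["Maria Gonzalez", "4111-0000"])

if __name__ == "__main__":
    print(demo())
```

An empty report only shows that the chosen values are not readable verbatim in the files scanned; it says nothing about the strength of the encryption.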