Database Security Measures

Database security measures are configured through various properties. The properties can be set with the (cd_)Set_property_value API function or from the Control Panel of the 602SQL Development Client.

Anonymous User Server Access

Every 602SQL server has an anonymous user who logs on with an empty username and password. If a server is accessible from the network, anonymous user access should be restricted. This can be done on several levels:

  1. The anonymous user should be excluded from the administrator groups.
  2. The anonymous user can be excluded from the application roles, and his object and data privileges can be removed.
  3. Removing his privileges to the system tables prevents the anonymous user from creating new applications and other objects on the server.
  4. The anonymous user can be denied logging on to a server completely. The anonymous user then can't read the list of users, trace the server logs, see application names or make illegal server requests.

The anonymous access ban is handled by the DisableAnonymous server property. It can be set from the Control Panel, System folder, on the Security tab of the Runtime parameters dialog. This property is set by a security administrator.

If the anonymous access is banned, then (as a side effect) the list of users is not displayed in the combo box on the login window - users are required to type the name manually.

Network Address Restriction for Server Access

With IP address filtering (properties IP_enabled_addr[N], IP_enabled_mask[N], IP_disabled_addr[N] and IP_disabled_mask[N]) you can specify the IP addresses from which clients are allowed to connect to a server. E.g. you can restrict server accessibility to the IP addresses of a company and its affiliates. Such a restriction is reasonable if you fear that an unauthorized user could guess someone's password. These properties are set by the configuration administrator.
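The following added example (not part of the 602SQL documentation) lets an administrator check a planned set of address/mask pairs against sample client addresses before setting the properties. The evaluation order (a matching disabled pair always rejects; if any enabled pairs exist, the client must match one) is an assumption, and all addresses are constructed samples.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def mask_is_contiguous(mask):
    """A usable mask is a run of 1-bits followed by 0-bits (e.g. 255.255.0.0)."""
    inverted = ~_to_int(mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def matches(client, addr, mask):
    """True when client and addr agree on every bit selected by mask."""
    m = _to_int(mask)
    return (_to_int(client) & m) == (_to_int(addr) & m)

def is_allowed(client, enabled, disabled):
    # ASSUMPTION (not stated on the page): disabled pairs take precedence,
    # and an empty enabled list means "no allow-list restriction".
    if any(matches(client, a, m) for a, m in disabled):
        return False
    return not enabled or any(matches(client, a, m) for a, m in enabled)

def review(clients, enabled, disabled):
    """Reject malformed masks first, then report the verdict per client."""
    for _, mask in enabled + disabled:
        if not mask_is_contiguous(mask):
            raise ValueError("non-contiguous mask: " + mask)
    return {c: is_allowed(c, enabled, disabled) for c in clients}

# Constructed sample: company network plus one affiliate, one subnet excluded.
ENABLED = [("10.20.0.0", "255.255.0.0"), ("192.0.2.0", "255.255.255.0")]
DISABLED = [("10.20.99.0", "255.255.255.0")]
CLIENTS = ["10.20.1.15", "10.20.99.7", "192.0.2.44", "203.0.113.9"]

if __name__ == "__main__":
    for client, ok in review(CLIENTS, ENABLED, DISABLED).items():
        print(client, "allowed" if ok else "rejected")
```
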

The DisableFastLogin property specifies whether a client connecting to a server from the same IP address as the previous client has to log in in the usual way, or whether it is connected automatically under the same username. This property has to be activated if several computers share a single IP address. This property is set by the security administrator.

Minimum Password Length

The MinPasswordLen property sets the minimum length of a user password. If set to 0, the minimum password length is not limited. By setting a minimum password length you can prevent the use of passwords that are too short, lowering the chance that an intruder guesses a password. This property is set by the security administrator.

Password Expiration Period

The PasswordExpiration property specifies the period for which a password is valid. When this period expires, the user has to change the password. If set to 0, passwords have unlimited validity. By using this property the security administrator may force users to change their passwords regularly.

Using Permanent Passwords

The "one-time-password" mechanism requires each password to be changed after reaching its usage limit (usually thousands of times). This can be annoying, mainly if the password is used by clients that connect and disconnect often (e.g. applications using PHP client access). The security administrator can change the method of logging on to a server with the UnlimitedPasswords parameter - the number of times a password can be reused is then unlimited.

Restricting Database Application Access to the External Libraries

Procedures stored on a server may call functions from external DLL libraries (so libraries on Linux). This may lead to destructive actions on the computer that runs the SQL server. Therefore it's usually required to allow access only to the libraries designed for database application support. The folders that store the libraries allowed to be used are specified by the Dir[N] property. This property is set by the configuration administrator.

You can set all the properties mentioned above from the Control Panel's System folder, in the Runtime parameters dialog.

Database File Protection

The database file has to be protected against unwanted damage. This can be achieved by a combination of physical protection of the computer containing the database and user privileges protection of the database file. The database file shouldn't be visible on a network.

For running the SQL server, operating system users don't need access privileges to the database file. These privileges only have to be granted to the user account that runs the server. If the SQL server works as a service on Windows, database file access privileges have to be granted to the system account. The description for Linux is given separately.

There can be a situation when you have to run the server under an account that some user may access. An advanced user may then analyze the database file and read or change some data in it. Therefore it's useful to encrypt the database file.
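As an added example, not part of the 602SQL documentation or of the Linux description it refers to: a POSIX audit that checks whether only the account running the server can reach the database file. The function name and the sample file name are hypothetical; pass the real database file path and the uid of the server account.

```python
import os
import stat

def audit_db_file(path, server_uid):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    st = os.stat(path)

    # Only the account that runs the server should own the file.
    if st.st_uid != server_uid:
        findings.append("file owner uid %d is not the server account uid %d"
                        % (st.st_uid, server_uid))

    # No read, write or execute bits for group or others.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file mode %o grants access to group or others"
                        % stat.S_IMODE(st.st_mode))

    # A directory writable by other accounts lets them delete or replace
    # the file even when the file itself is locked down (the sticky bit
    # prevents that, so it is treated as acceptable here).
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    writable = pst.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if writable and not pst.st_mode & stat.S_ISVTX:
        findings.append("directory %s is writable by group or others" % parent)

    return findings

if __name__ == "__main__":
    import sys
    # Usage: script.py <database file> <uid of the server account>
    problems = audit_db_file(sys.argv[1], int(sys.argv[2]))
    for p in problems:
        print("FINDING:", p)
    sys.exit(1 if problems else 0)
```
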

Three encryption methods are implemented in 602SQL:

The first encryption method can be broken by an expert with normal effort; the second can be broken with a hard effort. The third method is based on a high-quality encryption algorithm that can be broken only theoretically and at extreme cost. Using the third method, however, slows down the server.

When using encryption based on a password, you have to type the password when launching the server. Therefore it's not recommended to use it if:

The encryption is set by the security administrator by using the Encryption of the database file tool from the System / Tools folder, or by specifying the FilEncrypt parameter.

Protection against "False Servers"

An intruder can create a false network SQL server that has the same name as the real server and acts as the real server. By doing so, the intruder may attempt to obtain secret information from clients or mislead them by sending false data. You can protect your server against this danger by checking the SQL server identity.

Protection against Tapping and Interfering with the Network Communication

Data transferred over computer networks can be tapped by other people and, with suitable tools, even changed. This can be prevented by encrypting the network communication between the client and the server.