Security enhancements

Sybase IQ 12.6 offers many new security features, including Certicom database encryption, and the ability to hide the contents of certain types of files.

Hide procedure text to keep your logic confidential

You can obscure the logic contained in stored procedures, functions, and views using the SET HIDDEN clause of the ALTER PROCEDURE, ALTER FUNCTION, and ALTER VIEW statements. This allows applications and databases to be distributed without revealing the logic in stored procedures, functions, and views.

To gain the benefits of this enhancement on databases created before this release, you must upgrade the database using ALTER DATABASE UPGRADE.

For more information, see “Hiding the contents of procedures, functions, and views” in Sybase IQ System Administration Guide. For syntax details, see Adaptive Server Anywhere SQL Reference.

New utility allows you to hide the contents of files

Configuration files, also known as command files, sometimes contain passwords. As an enhanced security feature, Sybase IQ has a new utility, called the File Hiding utility, that allows you to hide the contents of configuration files using simple encryption.

For more information, see “The File Hiding Utility” in the Adaptive Server Anywhere Database Administration Guide.

Certicom encryption changes

Security has been enhanced to support RSA_TLS Certicom encryption. The encryption known in previous versions of Adaptive Server Anywhere as Certicom encryption has been renamed to RSA_TLS encryption. The Certicom parameter is still accepted and is equivalent to RSA_TLS encryption.

For more information, see “Starting the database server” in Sybase IQ Utility Guide and Chapter 13, “Transport-Layer Security” in Sybase IQ System Administration Guide.

Strong encryption over TCP/IP

Sybase IQ now supports certificate-based encryption over TCP/IP ports on Solaris, Linux, and all supported Windows operating systems. Strong encryption protects the confidentiality and integrity of network packets as they pass between the client and the server. This encryption is also called Transport Layer Security (TLS).

The database server -ec command line option allows you to set the server's connection parameters and replaces the -e command line option in previous versions of Sybase IQ. You can set the client connection parameters with the encryption connection parameter.

For more information, see “Starting the database server” in Sybase IQ Utility Guide, and “Encryption connection parameter [ENC]” and “EncryptedPassword connection parameter [ENP]” in Sybase IQ System Administration Guide.

To use this feature, you must use Sybase IQ 12.6 or higher software at both the client and the server. You do not need to upgrade the database.

Strong encryption of the database file

The database file itself can now be strongly encrypted for greater security.

For more information, see the following locations:

Database page checksums

Database page checksums are used to detect whether a database page has been modified on disk. In Sybase IQ, when a database is created with checksums enabled, a checksum is calculated for each Catalog Store page before it is written to disk. When a Catalog Store page is read from disk, its checksum is calculated again and compared to the stored checksum. If the values are different, the page has been modified or otherwise corrupted while on disk. You can only add checksums to new databases you create in version 12.6 or higher. You can check whether checksums are enabled for a database using the Checksum property.

For more information about creating databases with checksums on the Catalog Store, see “Choosing database attributes” in Introduction to Sybase IQ.

Checksums can also be used to validate the Catalog Store. For more information, see “The Validation utility (dbvalid)” in Sybase IQ Utility Guide, or “sa_validate system procedure” in Sybase IQ Reference Manual.

LOGIN_PROCEDURE option requires DBA authority (behavior change)

The LOGIN_PROCEDURE option can only be set by a user with DBA authority. In previous versions, DBA authority was not required to set this option. A user with DBA authority can change the setting of this option for other users, but users without DBA authority cannot change their own setting of this option. As a result of this change, the DBA can ensure that a common procedure, if necessary, is executed when a user connects.
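
The following SQL is an added example, not taken from the Sybase documentation: it shows a DBA installing a common login procedure for all users and then hiding its text with SET HIDDEN. The procedure name DBA.enforced_login and the 25-connection limit are hypothetical, and the call to sp_login_environment assumes the site previously relied on that Adaptive Server Anywhere default login procedure.

```sql
-- Added example. Run while connected as a user with DBA authority.
-- DBA.enforced_login and the connection limit are hypothetical.

CREATE PROCEDURE DBA.enforced_login()
BEGIN
    -- Signalling SQLSTATE 28000 (invalid user ID or password) from a
    -- login procedure causes the connection attempt to be refused.
    DECLARE invalid_logon EXCEPTION FOR SQLSTATE '28000';

    -- Constructed policy: refuse new connections once more than
    -- 25 connections are open to this database.
    IF CAST( DB_PROPERTY( 'ConnCount' ) AS INT ) > 25 THEN
        SIGNAL invalid_logon;
    ELSE
        -- Assumption: the site used sp_login_environment before.
        -- Call whatever procedure LOGIN_PROCEDURE named previously so
        -- that the existing environment setup still runs.
        CALL sp_login_environment();
    END IF;
END;

-- The procedure runs in the context of the connecting user, so every
-- user needs permission to execute it.
GRANT EXECUTE ON DBA.enforced_login TO PUBLIC;

-- Only a user with DBA authority can set this option in 12.6.
-- Setting it for PUBLIC applies it to every user who has no
-- user-level setting of their own.
SET OPTION PUBLIC.LOGIN_PROCEDURE = 'DBA.enforced_login';

-- Obscure the procedure text in the catalog. SET HIDDEN cannot be
-- undone, so keep the original source outside the database
-- (for example, in version control) before running this statement.
ALTER PROCEDURE DBA.enforced_login SET HIDDEN;
```

Because users without DBA authority can no longer override LOGIN_PROCEDURE for themselves, the PUBLIC setting above is the one that runs for them at connect time.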