If the database file can be copied, use the temporary public login_mode option for integrated and Kerberos logins. If the file is copied, the integrated and Kerberos logins are not supported by default.
If a database contains sensitive information, the computer where the database files are stored should be protected from unauthorized access. Otherwise, the database files could be copied and unauthorized access to the data could be obtained on another computer. To increase database security:
Make user passwords, especially those with DBA authority, complex and difficult to guess.
Set the PUBLIC.login_mode database option to Standard. To enable integrated or Kerberos logins, only the temporary public option should be changed each time the server is started. This ensures that only Standard logins are allowed if the database is copied. See Security concerns: Setting temporary public options for added security.
Strongly encrypt the database file using the AES encryption algorithm. The encryption key should be complex and difficult to guess.
Discuss this page in DocCommentXchange.
|Copyright © 2010, iAnywhere Solutions, Inc. - SQL Anywhere 12.0.0|