Following is a list of security enhancements introduced in SQL Anywhere version 16.0.
Raw encryption The ENCRYPT function can encrypt data inside the database server and output it into a raw format so that it can be decrypted outside of the database. The DECRYPT function can decrypt data encrypted outside of the database server. See ENCRYPT function [String] and DECRYPT function [String].
Support for TDS RSA encryption with nonce password exchange The new -tdsl database server option restricts the type of TDS login request that a database server supports. Set the TDS login mode to support all login requests, only RSA login requests, or only RSA with nonce login requests. See -tdsl database server option.
Secure feature keys can now be customized You can now create and view customized secure feature keys that can be assigned to individual users by using the following system procedures:
sp_create_secure_feature_key system procedure Creates a new secure feature key. See sp_create_secure_feature_key system procedure.
sp_alter_secure_feature_key system procedure Alters a previously defined secure feature key by modifying the authorization key and/or the feature list. See sp_alter_secure_feature_key system procedure.
sp_drop_secure_feature_key system procedure Deletes a secure feature key. See sp_drop_secure_feature_key system procedure.
sp_list_secure_feature_keys system procedure Returns a list of defined secure feature keys. See sp_list_secure_feature_keys system procedure.
sp_use_secure_feature_key system procedure Allows access to the secured features associated with the specified secure feature key. See sp_use_secure_feature_key system procedure.
Secure features You can prevent users from manipulating directories and files on the same computer as the server. The following features, which correspond to system procedures, were added to the local_io feature set:
The manage_server feature set prevents users from accessing features related to the database server.
The create_trace_file and _trace_system_event features prevent users from creating event tracing targets and user-defined events, respectively.
Re-execute SQL after specifying the database server's secure feature key In Sybase Central, if you try to execute SQL that uses a secure feature, you are given the option of specifying the database server secure feature key, after which the SQL is re-executed. The database server must be started with a secure feature key (using the -sk option) to use this feature.
When disk sandboxing is enabled, relative path names are treated as relative to the directory where the main database file is located. When disk sandboxing is not enabled, relative path names are relative to the working directory of the database server. See SQL Anywhere behavior changes.
The following features have been added to support the disk sandboxing feature:
|Database server options (dbsrv16)|
To use either the sa_server_option system procedure or the sa_db_option system procedure to change disk sandbox settings, provide the secure feature key for the manage_disk_sandbox secure feature.
Discuss this page in DocCommentXchange.
|Copyright © 2014, SAP AG or an SAP affiliate company. - SAP Sybase SQL Anywhere 16.0|