|
This section describes SQL Anywhere features that help make your Windows CE database secure. In particular, this section describes auditing, database encryption, and presents overviews of other security features, providing links to where you can find more detailed information.
Many of the SQL Anywhere security features for Windows desktop platforms are supported on Windows CE, such as database file encryption and simple communication encryption, or have modified support, such as the Log Translation utility.
Databases running on Windows CE uses the same user identification and authorization features as databases running on Windows desktop platforms. These features control who can access the database and what actions those users can perform. See Controlling database access.
If you are storing sensitive data on your Windows CE device, you may want to use the security features provided for your Windows CE device.
For more information on available security features, see the User's Manual provided with your Windows CE device.
Server options allow you to control who can perform certain operations on the server.
These options are set in the Options field of the Server Startup Options dialog when you start the database on your Windows CE device.
For more information, see Controlling permissions from the command line.
For information on setting options on Windows CE, see Specifying server options on Windows CE.
This feature uses the transaction log to maintain a detailed record of actions on the database.
The Log Translation utility (dbtran) is used to translate the information stored in the transaction log, including auditing information. The dbtran utility is not supported on Windows CE, so you cannot translate a log stored on a Windows CE device. Copy the transaction log file to your PC to use this utility.
For more information, see Auditing database activity.
Database encryption features allow you to choose the level of database encryption. You can choose to secure your database either with simple encryption, or with strong encryption. SQL Anywhere supports both simple and strong encryption on Windows CE.
Simple encryption This level of encryption is equivalent to obfuscation and makes it more difficult for someone using a disk utility to look at the file to decipher the data in your database. Simple encryption does not require a key to encrypt the database.
Simple encryption technology is supported in previous versions of SQL Anywhere.
Strong encryption This level of encryption scrambles the information contained in your database and transaction log files so they cannot be deciphered simply by looking at the files using a disk utility. Strong encryption renders the database completely inaccessible without the key. If you are encrypting a database to use on Windows CE, it must be encrypted with the AES algorithm.
For more information, see Encrypting a database.
You can encrypt client/server communications for greater security as they pass over the network. SQL Anywhere provides two types of communication encryption: simple and strong.
Simple communication encryption accepts communication packets that are encrypted with simple encryption. This level of communication encryption is supported on all platforms, including Windows CE and on previous versions of SQL Anywhere.
Strong communication encryption is not available on Windows CE.
For more information about encrypting communications, see Encryption connection parameter [ENC].