Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.
This section explains the enhancements made to SQL Anywhere to improve security.
RSA now included with SQL Anywhere You no longer have to purchase a separate license to use RSA encryption. See Separately licensed components.
Enhancements to FIPS support The following FIPS-related changes have been made to the database server:
The FIPS DLL has been renamed from dbrsa10f.dll to dbfips10.dll.
The HASH function now accepts two new algorithms: SHA1_FIPS and SHA256_FIPS. These are the same as the SHA1 and SHA256 algorithms, but are the FIPS-validated Certicom versions.
If the -fips server option is specified and a non-FIPS algorithm is given to the HASH function, the database server uses SHA1_FIPS instead of SHA1, SHA256_FIPS instead of SHA256, and returns an error if MD5 is used (MD5 is not a FIPS algorithm).
If the -fips option is specified, the database server uses SHA256_FIPS for password hashing.
Kerberos authentication SQL Anywhere now supports Kerberos authentication. Kerberos authentication lets you use your Kerberos credentials to connect to the database without specifying a user ID or password. See Using Kerberos authentication.
New authorities added The following authorities have been added:
BACKUP authority You can assign BACKUP authority to a user so that they can perform backups, instead of granting the user DBA authority. See BACKUP authority overview.
VALIDATE authority A new authority for validation operations, VALIDATE, has been added. VALIDATE authority is required to perform the operations executed by the different VALIDATE statements, such as database, table, index, and checksum validation. See VALIDATE authority overview.
Securing features for a database server The -sf database server option lets you specify features, or groups of features, that are secured (disabled) for databases running on the database server. See -sf server option.The -sk server option lets you specify a key that can be used to enable disabled features when used with the secure_feature_key database option. You can also change the set of disabled features using the sa_server_option system procedure SecureFeatures property. See -sk server option.