Cloudscape and Security,
Page 2 of 9
|

|

[top]  [prev]
  [next]
Documentation Top

Global Index
Reference Manual
TOC Index
Grammar index
Developer's Guide
TOC
Index
Tuning Cloudscape
TOC Index
|
Security Overview
Features
Cloudscape can be deployed in a number of diverse ways and in a number of different environments. The security needs of the Cloudscape system are also diverse. Cloudscape supplies or supports the following optional security mechanisms:
-
User authentication
Cloudscape verifies user names and passwords before permitting them access to the Cloudscape system. See Working with User Authentication.
-
User authorization
A means of granting specific users permission to read a database or to write to a database. See User Authorization.
-
Network encryption with Secure Socket Layer (SSL)
A protocol designed to guarantee privacy and integrity of messages on the wire and supported by some application servers, including Cloudconnector. See SSL.
-
Disk encryption
A means of encrypting Cloudscape data stored on disk . See Encrypting Databases on Disk.
Figure 8-1 . Some of the Cloudscape security mechanisms at work in a
client/server environment
Figure 8\x15 2\t. Another Cloudscape security mechanism, disk encryption,
protects data when the recipient may not know how to protect
data. It is useful for databases deployed in an embedded
environment.
Configuring Security for Your Environment
In most cases, you enable Cloudscapes security features through the use of properties. It is important to understand the best way of setting properties for your environment.
Configuring Security in a Client/Server Environment
This discussion assumes a system with multiple databases and some administrative resources. For systems that have a single database and for which there are no administrative resources, follow the instructions in Configuring Security in an Embedded Environment.
Configure security features as system properties.
See System-Wide Properties in Tuning Cloudscape.
Provide administrative-level protection for the cloudscape.properties file and Cloudscape databases. For example, you can protect these files and directories with operating system permissions and firewalls.
Turn on user authentication for your system.
All users must provide valid user IDs and passwords to access the Cloudscape system. See Working with User Authentication for information.
If you are using Cloudscapes built-in users, configure users for the system in the cloudscape.properties file. Provide the protection for this file.
Configure user authorization for sensitive databases in your system.
Only designated users will be able to access sensitive databases. You typically configure user authorization with database-level properties. See User Authorization for information. It is also possible to configure user authorization with system-level properties. This is useful when you are developing systems or when all databases have the same level of sensitivity.
Configuring Security in an Embedded Environment
In an embedded environment, typically there is only one database per system and there are no administrative resources to protect databases.
Encrypt the database when you create it.
Configure all security features as database-level properties.
When you do this, these properties are stored in the database (which is encrypted). See Database-Wide Properties in Tuning Cloudscape.
Turn on protection for database-level properties so that they cannot be overridden by system properties.
Do this by setting the cloudscape.database.propertiesOnly property to true.
To prevent unauthorized users from accessing databases once they are booted, turn on user authentication for the database and configure user authorization for the database.
See Working with User Authentication for information.
See User Authorization for information.
If you are using Cloudscapes built-in users, configure each user as a database-level property so that user names and passwords can be encrypted.
Configuring Security in a Synchronization System
For information, see Cloudscape Synchronization Guide.
|