June 30, 2015
Tightened Database Security in c‑treeACE V10
c‑treeACE has long offered many levels of security controlling database access. As applications have grown in complexity, so have security needs. SQL in particular provides highly granular control over rights and views. A summary of available c‑treeACE security measures:
- User and group access rights. c‑treeACE mimics Unix concepts of user, group, and world level permissions regarding read, write, definition, and delete capabilities of files at the server level. This fine-grained control allows for securely defined data access by an administrator.
- Authentication controls. In addition to requiring passwords for authentication, c‑treeACE has options to further control authentication and access:
- Logon fail times – Set the number of invalid logon attempts.
- Start and end dates – Specify, in advance, the date range a user is valid.
- Must logon period – Specify an interval in which a user must log on at least once.
- Logon lockout period – Specify a period until a failed logon can again attempt a logon.
- Integration with LDAP and Unix Shadow password file support – Contact FairCom should you need centralized user and group management via these institutional defined protocols.
- SQL privileges. SQL access requires a defined user and directly specified privileges via the GRANT statement. These include SELECT, INSERT. DELETE, and UPDATE privileges at the column level. In addition, a DBA can restrict table creation and definition changes (ALTER), further protecting database integrity.
- SQL View definitions. Views provide virtual depictions of your data. SQL Views are a great way to consolidate data for concise reporting using stored queries. Views can provide an additional layer of security as they restrict available data to users.
- Advanced data encryption. Data can be encrypted via secure AES, 3DES, Blowfish and Twofish algorithms with minimal performance impact. It is strongly recommended to secure sensitive data with these options. Data encryption is available at a per-file level, including full support via SQL.
- Tamper-proof configuration files. Configuration files can be encrypted preventing deployed applications from tampering with preset options. And, site-specific information can still be enabled as necessary.
- File passwords. Individual passwords can be required at file open time, further restricting access to data at run time.
- Transaction auditing history. When enabled, c‑treeACE transaction logs maintain a complete record of all database changes. An API is available providing access to this rich data history for auditing purposes.
c‑treeACE Security Additions
c‑treeACE V10 introduces numerous security lockdowns providing additional data protection for your applications. These include:
- Key Store support for Advanced Encryption master keys
- Default encryption of FAIRCOM.FCS file containing authorization and authentication information
- Default encryption of SQL system tables
- Lengthened password support to 63 bytes and SHA-512 hashing
- Restricted Security Administrator Access
- User and Group logon limits
- Ability to change master encryption key
Together, these additional options provide for secure robust data integrity and protection for sensitive application needs.
Important V10 Security Compatibility Changes
Three important c‑treeACE V10 security enhancements will impact users when upgrading from prior versions. Two major changes were enabled forcing applications to rethink how they approach database security.
- Backward client server compatibility between V10 and prior versions. Due to new authentication exchange protocols between client and server, V9 and prior clients are not able to connect to V10 servers. Likewise, V10 clients are notable to connect to V9 and prior servers. It is always recommended to use matching client – server versions when at all possible to obtain maximum feature usage and compatibility from c‑treeACE.
- Guest access is now disallowed by default. Guest access allows for applications to not specify a user when connecting. Many application didn’t rely on c‑treeACE authentication controls, instead handling this at the application layer. However, a valid user name and password is now required to log into the server as the new default. This support can be disabled in your server configuration for backward compatibility. However, FairCom recommends applications be modified to use appropriate c‑treeACE user authentication and validate all server connections. Add the following keyword to revert this change if necessary:GUEST_LOGON YES
- It is no longer possible for non-ADMIN users to back up or replicate data, or view information history from transaction logs. Dynamic dumps, transaction history, and replication connections now require ADMIN group membership. As these features can potentially expose information, these data access routes are now denied to all but ADMIN defined users. A method to revert this behavior is not available at this time. FairCom is investigating alternative user definitions allowing these activities. Contact FairCom should you have specific legacy applications impacted by this change.
FairCom continues to monitor the security landscape and future changes are forthcoming. Contact FairCom with any specific security needs regarding your application and c‑treeACE access.