Setting Up Security
The transactional interface provides three methods of setting up file security:
Assign an owner name to the file
Open the file in exclusive mode
Use the Pervasive PSQL Control Center (PCC) security settings
In addition, the transactional interface supports the native file-level security (if available) on the server platforms.
*Note: Windows developers: File-level security is available on the server if you installed the NTFS file system on your server. File system security is not available if you installed the FAT file system.
The transactional database engine provides the following features for enhancing data security.
Owner Names
The transactional interface allows you to restrict access to a file by assigning an owner name using the Set Owner operation (see Set Owner (29) in Btrieve API Guide.) Once you assign an owner name to a file, the transactional interface requires that the name be specified to access the file. This prevents any unauthorized access or changing of a file’s contents by users or applications that do not provide the owner name.
Likewise, you can clear the owner name from a file if you know the owner name assigned to it.
Owner names are are case sensitive and can be short or long. A “short” owner name can be up to 8 bytes long. A “long” owner name can be up to 24 bytes long. For restrictions pertaining to long owner names, see the section Procedure in Btrieve API Guide for Set Owner (29).
You can restrict access to the file in these ways:
Users can have read-only access without supplying an owner name. However, neither a user nor a task can change the file’s contents without supplying the owner name. Attempting to do so causes the transactional database engine to return an error.
Users can be required to supply an owner name for any access mode. The transactional database engine restricts all access to the file unless the correct owner name is supplied.
When you assign an owner name, you can also request that the database engine encrypt the data in the disk file using the owner name as the encryption key. Encrypting the data on the disk ensures that unauthorized users cannot examine your data by using a debugger or a file dump utility. When you use the Set Owner operation and specify encryption, the encryption occurs immediately. The transactional database engine has control until the entire file is encrypted, and the larger the file, the longer the encryption process takes. Because encryption requires additional processing time, you should select this option only if data security is important in your environment.
You can use the Clear Owner (30) operation to remove ownership restrictions from a file if you know the owner name assigned to it. In addition, if you use the Clear Owner operation on an encrypted file, the database engine decrypts it.
Exclusive Mode
To limit access to a file to a single client, you can specify that the transactional database engine open the file in exclusive mode. When a client opens a file in exclusive mode, no other client can open the file until the client that opened the file in exclusive mode closes it.
SQL Security
See Database URIs for information on database Uniform Resource Indicator (URI) strings. See the Pervasive PSQL User Guide for how to access the PCC security settings.