Setting Up Security
The MicroKernel Engine provides three methods of setting up file security:
Assign an owner name to the file
Open the file in exclusive mode
Use the PSQL Control Center (PCC) security settings
In addition, the MicroKernel Engine supports the native file-level security (if available) on the server platforms.
*Note: Windows developers: File-level security is available on the server if you installed the NTFS file system on your server. File system security is not available if you installed the FAT file system.
The MicroKernel Engine provides the following features for enhancing data security.
Owner Names
The MicroKernel Engine allows you to restrict access to a file by assigning an owner name using the Set Owner operation (see Set Owner (29) in Btrieve API Guide.) Once you assign an owner name to a file, the MicroKernel Engine requires that the name be specified to access the file. This prevents any unauthorized access or changing of a file’s contents by users or applications that do not provide the owner name.
Likewise, you can clear the owner name from a file if you know the owner name assigned to it.
Owner names are are case sensitive and can be short or long. A “short” owner name can be up to 8 bytes long. A “long” owner name can be up to 24 bytes long. For restrictions pertaining to long owner names, see the section Procedure in Btrieve API Guide for Set Owner (29).
You can restrict access to the file in these ways:
Users can have read-only access without supplying an owner name. However, neither a user nor a task can change the file’s contents without supplying the owner name. Attempting to do so causes the MicroKernel Engine to return an error.
Users can be required to supply an owner name for any access mode. The MicroKernel Engine restricts all access to the file unless the correct owner name is supplied.
When you assign an owner name, you can also request that the database engine encrypt the data in the disk file using the owner name as the encryption key. Encrypting the data on the disk ensures that unauthorized users cannot examine your data by using a debugger or a file dump utility. When you use the Set Owner operation and specify encryption, the encryption occurs immediately. The MicroKernel Engine has control until the entire file is encrypted, and the larger the file, the longer the encryption process takes. Because encryption requires additional processing time, you should select this option only if data security is important in your environment.
You can use the Clear Owner (30) operation to remove ownership restrictions from a file if you know the owner name assigned to it. In addition, if you use the Clear Owner operation on an encrypted file, the database engine decrypts it.
Exclusive Mode
To limit access to a file to a single client, you can specify that the MicroKernel Engine open the file in exclusive mode. When a client opens a file in exclusive mode, no other client can open the file until the client that opened the file in exclusive mode closes it.
SQL Security
See Database URIs for information on database Uniform Resource Indicator (URI) strings. See the PSQL User Guide for how to access the PCC security settings.