|
|
|
FairCom DB provides a variety of keywords that can be used for security purposes.
Note: FairCom DB File and User Security are available only when using the client/server operational model.
Encryption
Encrypt the FAIRCOM.FCS file at the time it is created.
Enable advanced encryption for files.
The configuration option ALLOW_MASTER_KEY_CHANGE specifies whether the master password is changeable.
Change the encryption attributes of a file using the compact function from a client.
When specified, FairComDB uses the OpenSSL 3.0 FIPS module for encryption routines.
Specifies the PEM-encoded file containing parameters for Diffe-Hellman key exchange.
Camouflages the contents of the transaction logs to deter unauthorized access.
Specifies a file from which c-tree reads the master encryption key.
Specify the path of a user-created library (.dll, .so, or .dylib file) that provides the advanced encryption master key at startup time.
Encrypt client passwords with OpenSSL before they are transmitted to the server.
Sets the server to read-only mode.
User Access
Passwords to expire after this many days. Login attempts will fail with PWDEXP_ERR (1116). The ADMIN account is excluded from password expiration.
Specifies the optional limit on the number of consecutive failed logons that causes subsequent logon attempts to fail for LOGON_FAIL_TIME minutes.
The length of time logons are blocked after the logon limit is exceeded.
Requires users to log on “at-least-once” within the specified time.
Enforces a minimum length when setting a new password.
Enforces a minimum number of character classes from lower case, upper case, numbers, and symbols when setting a new password.
Prevents non-ADMIN user logons when the server is started.
Tamper-Proof Settings
These keywords affect people's ability to alter system integrity by overriding settings from a command line or by altering configuration files. See also Settings File.
Defines a symbol that represents a null string so that options can be blocked in the settings file without activating them.
Instructs FairCom DB to ignore command-line arguments.
Instructs FairCom DB to ignore the standard configuration file, ctsrvr.cfg.
Restrictions
Enables the file transfer function, ctTransferFile(), which is used to transfer a file to or from the server.
Protects the resource APIs, ADDRES(), UPDRES(), and DELRES(), with safeguards against unauthorized modification of file definition resources such as IFIL definitions, conditional indexes, row-level filters, etc.
Security-Related Compatibility Options
Permits a non-ADMIN user to set a file block if the blocking user has the file opened with update permissions.
Permits a non-ADMIN user to call ctQuiet() to quiesce the server.
COMPATIBILITY NONADMIN_TRANSFER_FILE
Permits a non-ADMIN user to call ctTransferFile() to transfer a file.
COMPATIBILITY NON_ADMIN_SHUTDOWN
Allows non-ADMIN users to shut down the Server.
COMPATIBILITY SQLIMPORT_ADMIN_PASSWORD
Instructs FairCom DB to verify the admin password passed as a parameter.
TLS
Enable logging to facilitate debugging of TLS connections.
Provide the name of the PEM-encoded certificate file that contains this FairCom server's certificate.
Specify an encrypted password file that is used to decrypt this FairCom server's private key file.
Indicates the name of the file containing this FairCom server's private key.
Set the encryption ciphers that are allowed to be used for encrypting TLS connections to this FairCom server.
Specify whether clients are allowed to connect to this FairCom server using non-encrypted connections.
Specify whether clients are required to present valid client certificates when connecting or not.
Specify whether the client's certificate is used for authentication rather than a username/password.
