c-treeACE V10.0 Update Guide

Other Lockdowns

c-treeACE services thousands of mission-critical applications in many sensitive industries including banking, finance, and health care. The increasing demand to provide users with highly secured access to systems and data continues to impact developers in these and many other industries. Providing the necessary security required to safeguard mission-critical data is crucial.

In our ongoing security reviews, we have implemented numerous elevated security controls assisting developers in securely transmitting and storing data:

• Enhanced security of c-treeACE logons - Secure logon for ISAM and SQL connections in which the client never passes any user’s password in a form that can be deciphered.
• Server encryption master key enhancement - Increased advanced encryption master key length from 128 to 256 bits and, on Windows, added support for reading the master key from an encrypted file when c-treeACE Server starts. c-treeACE’s advanced encryption uses a master encryption key to encrypt the following items using the AES cipher:

  a) the security resource in c-treeACE data and index files that use advanced encryption,
  b) the encryption key in the transaction log file header when using advanced log encryption.

  Now, when advanced encryption and FAIRCOM.FCS encryption (ADMIN_ENCRYPT) are enabled, when the FAIRCOM.FCS file is created it is encrypted using AES 256-bit encryption. When using advanced encryption and transaction log encryption, c-treeACE now uses a 256-bit key to encrypt the transaction logs. (Previously, the transaction log encryption key was 128 bits.)

• Function to change master encryption password - The advanced encryption feature uses a master password to encrypt the file-specific advanced encryption key in data, index, and transaction log files that use advanced encryption. A new function can change the password used to encrypt the file-specific encryption keys in the specified files.