Difference between revisions of "Securing Your Data"
Yvonnemilne (Talk | contribs) (→Controlling Access to Data) |
Yvonnemilne (Talk | contribs) (→Controlling Access to Data) |
||
Line 28: | Line 28: | ||
|- | |- | ||
|} | |} | ||
+ | |||
+ | SECURITY</span><br> | ||
+ | As mentioned above, all Recital files are subject to Operating System | ||
+ | read and write permissions. These permissions can be further refined, | ||
+ | while still using the Operating System user and group IDs, in the | ||
+ | Security and Protection sections of the Dictionary. The Security | ||
+ | section handles table based operations and the Protection section | ||
+ | focuses on individual fields.</p> | ||
+ | <p>Security and Protection rules can be defined in the CREATE/MODIFY | ||
+ | STRUCTURE worksurface of Recital Terminal Developer, via the SQL | ||
+ | GRANT and REVOKE statements or in the Recital Enterprise Studio | ||
+ | Database Administrator.</p> | ||
+ | <p><a href="Create_Security_screenshot.htm" target="_blank"><img src="create_security10.gif" width="115" height="72" border="0"></a> | ||
+ | Click image to display full size </p> | ||
+ | |||
+ | <p>Fig 5: MODIFY STRUCTURE Worksurface: Security.</p> | ||
+ | <p>The Security section has table operations for which Access Control | ||
+ | Strings can be specified. An Access Control String (ACS) is a range | ||
+ | of valid user identification codes, and is used to restrict table | ||
+ | operations to certain individuals or groups. Each user on the system | ||
+ | is allocated a group number and a user number. The user identification | ||
+ | code is the combination of group and user numbers. When constructing | ||
+ | an Access Control String of linked user identification codes, wild | ||
+ | card characters may be used.</p> | ||
+ | <table border="1" cellspacing=0 bordercolor="#FFFFFF" bgcolor="#E5E5F0" width="100%"> | ||
+ | <tr> | ||
+ | <td valign=top width="25%" class="tableheaderMain"> | ||
+ | <p>Example ACS</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%" class="tableheaderMain"> | ||
+ | <p>Description</p> | ||
+ | |||
+ | </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>[1,2]</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>In group 1, user 2</p> | ||
+ | </td> | ||
+ | |||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>[100,*]</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>In group 100, all users</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | |||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>[2-7,*]</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>In groups 2-7, all users</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>[*,100-200]</p> | ||
+ | |||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>In all groups, users 100-200</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>[1,*]&[2-7,1-7]</p> | ||
+ | </td> | ||
+ | |||
+ | <td valign=top width="75%"> | ||
+ | <p>In group 1, all users, in groups 2-7, users 1-7</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | <p>Please note that the maximum ACS length is 254 characters. OpenVMS | ||
+ | group and user numbers are stored and specified in octal. On other | ||
+ | Operating Systems, group and user numbers are stored and specified | ||
+ | in decimal.</p> | ||
+ | <p>Access Control Strings may be associated with the following operations:</p> | ||
+ | <table border="1" cellspacing=0 bordercolor="#FFFFFF" bgcolor="#E5E5F0" width="100%"> | ||
+ | |||
+ | <tr> | ||
+ | <td valign=top width="25%" class="tableheaderMain"> | ||
+ | <p>Operation</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%" class="tableheaderMain"> | ||
+ | <p>Description</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>READONLY</p> | ||
+ | |||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS have read-only access to the table. | ||
+ | All other users have update access.</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>UPDATE</p> | ||
+ | </td> | ||
+ | |||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS have update access to the table. | ||
+ | All other users are restricted to read-only access.</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>APPEND</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS can append records into the table. | ||
+ | No other users can append.</p> | ||
+ | |||
+ | </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>DELETE</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS can delete records from the table. | ||
+ | No other users can delete.</p> | ||
+ | </td> | ||
+ | |||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>COPY</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS can copy records from the table. | ||
+ | No other users can copy.</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | |||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>ADMIN</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS can use the following commands:<br> | ||
+ | SET DICTIONARY TO<br> | ||
+ | MODIFY STRUCTURE<br> | ||
+ | |||
+ | PACK<br> | ||
+ | ZAP<br> | ||
+ | REINDEX<br> | ||
+ | All other users cannot, except the creator of the table, who | ||
+ | is always granted ADMIN access.</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | |||
+ | <p>The corresponding SQL privileges are:</p> | ||
+ | <table border="1" cellspacing=0 bordercolor="#FFFFFF" bgcolor="#E5E5F0" width="100%"> | ||
+ | <tr> | ||
+ | <td valign=top width="25%" class="tableheaderMain"> | ||
+ | <p>Operation</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%" class="tableheaderMain"> | ||
+ | <p>Description</p> | ||
+ | </td> | ||
+ | |||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>SELECT</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS may name any column in a SELECT | ||
+ | statement. All other users have update access.</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | |||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>UPDATE</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS may name any column in an UPDATE | ||
+ | statement. All other users are restricted to read-only access.</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>INSERT</p> | ||
+ | |||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS can INSERT rows into the table. | ||
+ | No other users can INSERT.</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>DELETE</p> | ||
+ | </td> | ||
+ | |||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS can DELETE rows from the table. | ||
+ | No other users can DELETE.</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>ALTER</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS can use the ALTER TABLE statement | ||
+ | on this table.</p> | ||
+ | |||
+ | </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>READONLY</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS may read any column in a SELECT | ||
+ | statement. All other users have update access.</p> | ||
+ | </td> | ||
+ | |||
+ | </tr> | ||
+ | </table> | ||
+ | <p>E.g.</p> | ||
+ | <table width="100%" class="tablecode"> | ||
+ | <tr> | ||
+ | <td> </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td> | ||
+ | <pre><span class="style2"><font size="2">// Grant insert privilege for the customer table</font></span> | ||
+ | |||
+ | <font size="2">exec sql | ||
+ | OPEN DATABASE southwind; | ||
+ | exec sql | ||
+ | GRANT UPDATE (lastname, firstname) | ||
+ | INSERT ON customers | ||
+ | TO '[20,100]'; | ||
+ | |||
+ | <span class="style2">// Grant all privileges to all users</span> | ||
+ | exec sql | ||
+ | OPEN DATABASE southwind; | ||
+ | exec sql | ||
+ | GRANT ALL | ||
+ | ON shippers TO PUBLIC;</font></pre> | ||
+ | <p></p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | <p><span class="style1">PROTECTION</span></p> | ||
+ | <p>Security and Protection rules can be defined in the CREATE/MODIFY | ||
+ | STRUCTURE worksurface of Recital Terminal Developer, via the SQL | ||
+ | GRANT and REVOKE statements or in the Recital Enterprise Studio | ||
+ | Database Administrator.</p> | ||
+ | |||
+ | <p><a href="DBA_Protection_screenshot.htm" target="_blank"><img src="dba_protection10.gif" width="114" height="87" border="0"></a> | ||
+ | Click image to display full size </p> | ||
+ | <p>Fig 6: Database Administrator: Protection.</p> | ||
+ | <p><br> | ||
+ | The format of the ACS is the same as in <SECURITY> above. | ||
+ | The following protection can be defined:</p> | ||
+ | <table border="1" cellspacing=0 bordercolor="#FFFFFF" bgcolor="#E5E5F0" width="100%"> | ||
+ | |||
+ | <tr> | ||
+ | <td valign=top width="25%" class="tableheaderMain"> | ||
+ | <p>Operation</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%" class="tableheaderMain"> | ||
+ | <p>Description</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>READONLY</p> | ||
+ | |||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS have read-only access to the field. | ||
+ | All other users have update access.</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>UPDATE</p> | ||
+ | </td> | ||
+ | |||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS have update access to the field. | ||
+ | All other users are restricted to read-only access.</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | <p>Recital Terminal Developer also has 'HIDDEN' Protection:</p> | ||
+ | <table border="1" cellspacing=0 bordercolor="#FFFFFF" bgcolor="#E5E5F0" width="100%"> | ||
+ | <tr> | ||
+ | <td valign=top width="25%" class="tableheaderMain"> | ||
+ | <p>Operation</p> | ||
+ | |||
+ | </td> | ||
+ | <td valign=top width="75%" class="tableheaderMain"> | ||
+ | <p>Description</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>HIDDEN</p> | ||
+ | </td> | ||
+ | |||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS see the 'hiddenfield'character | ||
+ | rather than the data in the field. All other users see the | ||
+ | data.</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | <p>Hidden fields can be accessed and viewed on a work surface, but | ||
+ | the field contains the hiddenfield character, ‘?’. If | ||
+ | the field is referenced in an expression, it will contain the following: | ||
+ | blanks for character fields, ‘F’ for logical fields, 00/00/0000 | ||
+ | for date fields and blank for memo fields.</p> | ||
+ | |||
+ | <p>The corresponding SQL privileges are:</p> | ||
+ | <table border="1" cellspacing=0 bordercolor="#FFFFFF" bgcolor="#E5E5F0" width="100%"> | ||
+ | <tr> | ||
+ | <td valign=top width="25%" class="tableheaderMain"> | ||
+ | <p>Operation</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%" class="tableheaderMain"> | ||
+ | <p>Description</p> | ||
+ | </td> | ||
+ | |||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>SELECT</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS may name the column in a SELECT | ||
+ | statement. All other users have update access.</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | |||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>UPDATE</p> | ||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS may name the column in an UPDATE | ||
+ | statement. All other users are restricted to read-only access.</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td valign=top width="25%"> | ||
+ | <p>READONLY</p> | ||
+ | |||
+ | </td> | ||
+ | <td valign=top width="75%"> | ||
+ | <p>Users specified in the ACS may read the column in a SELECT | ||
+ | statement. All other users have update access.</p> | ||
+ | </td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | <p>E.g.</p> | ||
+ | |||
+ | <code lang="recital"> | ||
+ | // Grant update privilege for columns lastname and firstname from the customer table | ||
+ | open database southwind | ||
+ | grant update (lastname, firstname) on customers TO "[20,100]" | ||
+ | </code> | ||
===Protecting Data with Constraints=== | ===Protecting Data with Constraints=== |
Revision as of 16:34, 25 January 2010
Contents
Securing Your Data
Controlling Access to Data
The most basic level of database security is provided by the operating system. Recital tables and indexes are individual files with their own respective operating system file permissions. Read permission is required to open a table and write permission to update a table. If a user does not have read permission they are denied access. Without write permission, a table will be opened read-only.
Here the owner, root, and members of the recital group have write permission, so can update the example table unless additional protection applies. Other users can only open the example table read-only.
# ls -l example* -rwxrwxr-x 1 root recital 147 Nov 29 14:27 example.dbd -rwxrwxr-x 1 root recital 41580 Nov 29 14:27 example.dbf -rwxrwxr-x 1 root recital 13312 Nov 29 14:28 example.dbt -rwxrwxr-x 1 root recital 19456 Nov 29 14:28 example.dbx
Note: As in the example above, a table's associated files should have the same permissions as the table itself:
File Extension | File Type |
---|---|
.dbd | Dictionary |
.dbf | Table |
.dbt | Memo |
.dbx | Index |
SECURITY</span>
As mentioned above, all Recital files are subject to Operating System read and write permissions. These permissions can be further refined, while still using the Operating System user and group IDs, in the Security and Protection sections of the Dictionary. The Security section handles table based operations and the Protection section focuses on individual fields.</p>
Security and Protection rules can be defined in the CREATE/MODIFY STRUCTURE worksurface of Recital Terminal Developer, via the SQL GRANT and REVOKE statements or in the Recital Enterprise Studio Database Administrator.
<a href="Create_Security_screenshot.htm" target="_blank"><img src="create_security10.gif" width="115" height="72" border="0"></a> Click image to display full size
Fig 5: MODIFY STRUCTURE Worksurface: Security.
The Security section has table operations for which Access Control Strings can be specified. An Access Control String (ACS) is a range of valid user identification codes, and is used to restrict table operations to certain individuals or groups. Each user on the system is allocated a group number and a user number. The user identification code is the combination of group and user numbers. When constructing an Access Control String of linked user identification codes, wild card characters may be used.
Example ACS |
Description |
[1,2] |
In group 1, user 2 |
[100,*] |
In group 100, all users |
[2-7,*] |
In groups 2-7, all users |
[*,100-200] |
In all groups, users 100-200 |
[1,*]&[2-7,1-7] |
In group 1, all users, in groups 2-7, users 1-7 |
Please note that the maximum ACS length is 254 characters. OpenVMS group and user numbers are stored and specified in octal. On other Operating Systems, group and user numbers are stored and specified in decimal.
Access Control Strings may be associated with the following operations:
Operation |
Description |
READONLY |
Users specified in the ACS have read-only access to the table. All other users have update access. |
UPDATE |
Users specified in the ACS have update access to the table. All other users are restricted to read-only access. |
APPEND |
Users specified in the ACS can append records into the table. No other users can append. |
DELETE |
Users specified in the ACS can delete records from the table. No other users can delete. |
COPY |
Users specified in the ACS can copy records from the table. No other users can copy. |
ADMIN |
Users specified in the ACS can use the following commands: |
The corresponding SQL privileges are:
Operation |
Description |
SELECT |
Users specified in the ACS may name any column in a SELECT statement. All other users have update access. |
UPDATE |
Users specified in the ACS may name any column in an UPDATE statement. All other users are restricted to read-only access. |
INSERT |
Users specified in the ACS can INSERT rows into the table. No other users can INSERT. |
DELETE |
Users specified in the ACS can DELETE rows from the table. No other users can DELETE. |
ALTER |
Users specified in the ACS can use the ALTER TABLE statement on this table. |
READONLY |
Users specified in the ACS may read any column in a SELECT statement. All other users have update access. |
E.g.
<span class="style2"><font size="2">// Grant insert privilege for the customer table</font></span> <font size="2">exec sql OPEN DATABASE southwind; exec sql GRANT UPDATE (lastname, firstname) INSERT ON customers TO '[20,100]'; <span class="style2">// Grant all privileges to all users</span> exec sql OPEN DATABASE southwind; exec sql GRANT ALL ON shippers TO PUBLIC;</font> |
PROTECTION
Security and Protection rules can be defined in the CREATE/MODIFY STRUCTURE worksurface of Recital Terminal Developer, via the SQL GRANT and REVOKE statements or in the Recital Enterprise Studio Database Administrator.
<a href="DBA_Protection_screenshot.htm" target="_blank"><img src="dba_protection10.gif" width="114" height="87" border="0"></a> Click image to display full size
Fig 6: Database Administrator: Protection.
The format of the ACS is the same as in <SECURITY> above.
The following protection can be defined:
Operation |
Description |
READONLY |
Users specified in the ACS have read-only access to the field. All other users have update access. |
UPDATE |
Users specified in the ACS have update access to the field. All other users are restricted to read-only access. |
Recital Terminal Developer also has 'HIDDEN' Protection:
Operation |
Description |
HIDDEN |
Users specified in the ACS see the 'hiddenfield'character rather than the data in the field. All other users see the data. |
Hidden fields can be accessed and viewed on a work surface, but the field contains the hiddenfield character, ?. If the field is referenced in an expression, it will contain the following: blanks for character fields, F for logical fields, 00/00/0000 for date fields and blank for memo fields.
The corresponding SQL privileges are:
Operation |
Description |
SELECT |
Users specified in the ACS may name the column in a SELECT statement. All other users have update access. |
UPDATE |
Users specified in the ACS may name the column in an UPDATE statement. All other users are restricted to read-only access. |
READONLY |
Users specified in the ACS may read the column in a SELECT statement. All other users have update access. |
E.g.
// Grant update privilege for columns lastname and firstname from the customer table open database southwind grant update (lastname, firstname) on customers TO "[20,100]"
Protecting Data with Constraints
DES3 Encrypting Your Data
Recital gives you the ability to encrypt the data held in Recital tables. Once a table has been encrypted, the data cannot be accessed unless the correct three-part encryption key is specified, providing additional security for sensitive data.
encrypt <tablename as character> | <skeleton as character> key <key as character>
The encrypt command is used to encrypt the data in the specified table or tables matching a skeleton. If the skeleton syntax is used, then all matching tables will be given the same encryption key. The encryption key is a three part comma-separated key and may optionally be enclosed in angled brackets. Each part of the key can be a maximum of 8 characters. The key is DES3 encrypted and stored in a .dkf file with the same basename as the table. After encryption, the three parts of the key must be specified correctly before the table can be accessed.
// Encrypt individual tables encrypt customers key "key_1,key_2,key_3" encrypt employees key "<key_1,key_2,key_3>" // Encrypt all .dbf files in the directory encrypt *.dbf key "key_1,key_2,key_3"
set encryption to [<key as character>] set encryption on | off
If a database table is encrypted, the correct three-part encryption key must be specified before the table's data or structure can be accessed. The set encryption to set command can be used to specify a default encryption key to be used whenever an encrypted table is accessed without the key being specified. The encryption key is a three part comma-separated key.
If the command to access the table includes the key, either by appending it to the table filename specification or using an explicit clause, this will take precedence over the key defined by set encryption to. Issuing set encryption to without a key causes any previous setting to be cleared. The key must then be specified for each individual encrypted table.
The default key defined by set encryption to is only active when set encryption is on. Set encryption off can be used to temporarily disable the default key. The set encryption on | off setting does not change the default key itself. Set encryption is on by default.
// Encrypt individual tables encrypt customers key "key_1,key_2,key_3" encrypt shippers key "key_2,key_3,key_4" // Specify a default encryption key set encryption to "key_1,key_2,key_3" // Open customers table using the default encryption key use customers // Specify shippers table's encryption key use shippers<key_2,key_3,key_4> // Disable the default encryption key set encryption to // Specify the individual encryption keys use customers encryption "key_1,key_2,key_3" use shippers<key_2,key_3,key_4>
encrypt <tablename as character> | <skeleton as character> key <key as character>
The decrypt command is used to decrypt the data in the specified table or tables matching a skeleton. The specified key must contain the three part comma-separated key used to previously encrypt the table and may optionally be enclosed in angled brackets. The skeleton syntax can only be used if all tables matching the skeleton have the same key.
The decrypt command decrypts the data and removes the table's '.dkf file. After decryption, the key need no longer be specified to gain access to the table.
// Decrypt individual tables decrypt customers key "key_1,key_2,key_3" decrypt employees key "<key_1,key_2,key_3>" // Decrypt all .dbf files in the directory decrypt *.dbf key "key_1,key_2,key_3"
All of the following commands are affected when a table is encrypted:
- append from - append records to the active table from another table
// The key must be specified for an encrypted source table use mycustomers append from customers encryption "key_1,key_2,key_3"; for country = "UK"
- copy file - copy a file
// The key file must also be copied for an encrypted source table // as the target table will be encrypted encrypt customers key "key_1,key_2,key_3" copy file customers.dbf to newcustomers.dbf copy file customers.dkf to newcustomers.dkf use newcustomers encryption "key_1,key_2,key_3"
- copy structure - copy a table's structure to a new table
// The key file is automatically copied for an encrypted source table // and the target table encrypted encrypt customers key "key_1,key_2,key_3" use customers encryption "key_1,key_2,key_3" copy structure to blankcust use blankcust encryption "key_1,key_2,key_3"
- copy - copy a table
// By default, the key file is automatically copied for an encrypted // source table and the target table encrypted with the same key encrypt customers key "key_1,key_2,key_3" use customers encryption "key_1,key_2,key_3" copy to newcustomers use newcustomers encryption "key_1,key_2,key_3" // You can also create a copy with a different key encrypt customers key "key_1,key_2,key_3" use customers encryption "key_1,key_2,key_3" copy to newcustomers encrypt "newkey_1,newkey_2,newkey_3" use newcustomers encryption "newkey_1,newkey_2,newkey_3" // Or create a decrypted copy encrypt customers key "key_1,key_2,key_3"; use customers encryption "key_1,key_2,key_3" copy to newcustomers decrypt use newcustomers // You can also create an encrypted copy of a non-encrypted source table use orders copy to encorders encrypt "newkey_1,newkey_2,newkey_3" use encorders encryption "newkey_1,newkey_2,newkey_3"
- dir - display a directory listing of tables
// Encrypted tables are flagged as such with (DES3) open database southwind dir
Current database: southwind Tables # Records Last Update Size Dictionary Triggers Security categories.dbf 8 01/10/09 24576 None None None cisamdemo.dbf ---> CISAM/Bridge [cisamdemo] customers.dbf (DES3) 91 05/12/09 49600 None None None employees.dbf 9 05/12/09 25520 None None None example.dbf (DES3) 100 12/24/09 38080 Yes Yes None order_details.dbf 2155 05/12/09 296320 None None None orders.dbf 829 05/12/09 232704 None None None products.dbf 77 05/12/09 37112 None None None productsbyname.dbf 77 05/12/09 29104 None None None shippers.dbf (DES3) 3 05/12/09 20864 None None None suppliers.dbf 29 12/08/09 29992 Yes None None 0.765 MB in 11 files. 1.093 GB remaining on drive.
- use - open a table
// The three part key must be specified to open an // encrypted table. All of the following are valid. // 1. Specifying a default encryption key before opening the table set encryption to "key_1,key_2,key_3" use customers // 2. Appending the key to the filename use customers<key_1,key_2,key_3> // 3. Using the ENCRYPTION clause, optionally specifying angled brackets use customers encryption "key_1,key_2,key_3" use customers encryption "<key_1,key_2,key_3>"
- SQL insert - add a row to a table
// The three part key can be specified using a // default encryption key before opening the table open database southwind set encryption to "key_1,key_2,key_3" insert into customers; (customerid, companyname); values ("RECIT","Recital Corporation") // Or by appending the key to the filename open database southwind insert into customers<key_1,key_2,key_3>; (customerid, companyname); values ("RECIT","Recital Corporation")
- SQL select - return data from a table or tables
// The three part key can be specified using a // default encryption key before opening the table open database southwind set encryption to "key_1,key_2,key_3" select * from customers // Or by appending the key to the filename open database southwind select * from customers<key_1,key_2,key_3>
- SQL update - update data in a table
// The three part key can be specified using a // default encryption key before opening the table open database southwind set encryption to "key_1,key_2,key_3" update customers; set companyname="Recital Corporation Inc."; where customerid="RECIT" // Or by appending the key to the filename open database southwind update customers<key_1,key_2,key_3>; set companyname="Recital Corporation Inc."; where customerid="RECIT"