Home
Security
You can secure your Informix® database server and the data that is stored in your Informix databases. You can encrypt data, secure connections, control user privileges and access, and audit data security.
Security in HCL Informix®
The Informix® Security Guide documents methods for keeping your data secure by preventing unauthorized viewing and altering of data or database objects, including how to use the secure-auditing facility of the database server.
Securing data
Connection security
You can administer the security of the connections to the database server by using authentication and authorization processes.
Securing local connections to a host
The database server administrator (DBSA) can use the SECURITY_LOCALCONNECTION configuration parameter to set up security checking for local connections with the same host.

Security
You can secure your Informix® database server and the data that is stored in your Informix databases. You can encrypt data, secure connections, control user privileges and access, and audit data security.
- Security in HCL Informix®
  The Informix® Security Guide documents methods for keeping your data secure by preventing unauthorized viewing and altering of data or database objects, including how to use the secure-auditing facility of the database server.
  - Securing data
    - HCL Informix® directory security
      utilities and product directories are secure by default.
    - Network data encryption
      Use network encryption to encrypt data transmitted between server and client, and between server and other server.
    - Column-level encryption
      You can use column-level encryption to store sensitive data in an encrypted format. After encrypting sensitive data, such as credit card numbers, only users who can provide a secret password can decrypt the data.
    - Connection security
      You can administer the security of the connections to the database server by using authentication and authorization processes.
      - Authentication mechanisms
        You can configure the Informix® server authentication mechanisms to meet varying requirements, such as different security methods required for local and remote connections, database access by users without operating system accounts on the servers host computer, and non-root installation.
      - Internal users (UNIX™, Linux™)
        The DBSA can grant database access to users that do not authenticate on the OS of the host computer by mapping PAM-authenticated users to OS-level entities or by configuring the server to perform internal authentication.
      - Guest account (Windows™)
        Disable the Windows™ Guest account to prevent anonymous logins.
      - Trusted-context objects and trusted connections
        You can use trusted-context objects and trusted connections to increase system performance and security within a three-tier application model.
      - Pluggable authentication modules (UNIX™ or Linux™)
        A Pluggable Authentication Module (PAM) is a well-defined framework for supporting different authentication modules that were originally developed by Sun Microsystems. PAM is supported in both 32- and 64-bit modes on Solaris, Linux™, HP-UX and AIX®.
      - LDAP authentication support on Windows™
      - Authentication module deployment
      - Simple password encryption
        The simple password communication support module (SPWDCSM) provides password encryption.
      - Single sign-on
        Single sign-on is an authentication feature that bypasses the requirement to provide user name and password after a user logs into the client computer's operating system.
      - Securing local connections to a host
        The database server administrator (DBSA) can use the SECURITY_LOCALCONNECTION configuration parameter to set up security checking for local connections with the same host.
      - Limiting denial-of-service flood attacks
        Informix® has multiple listener threads (listen_authenticate) to limit denial-of-service (DOS) attacks.
    - Discretionary access control
      Discretionary access control verifies whether the user who is attempting to perform an operation has been granted the required privileges to perform that operation.
    - Label-Based Access Control
      You can use label-based access control (LBAC), an implementation of multi-level security (MLS), to control who has read access and who has write access to individual rows and columns of data.
  - Auditing data security

Securing local connections to a host

The database server administrator (DBSA) can use the SECURITY_LOCALCONNECTION configuration parameter to set up security checking for local connections with the same host.

The following table shows the settings of the SECURITY_LOCALCONNECTION configuration parameter that you can use.

Table 1. SECURITY_LOCALCONNECTION configuration parameter settings
Setting	Explanation
0	No security checking occurs.
1	Informix® compares the user ID of the owner trying to connect with the connection user ID. If these do not match, Informix® rejects the connection.
2	Informix® performs the same checking that is performed when SECURITY_LOCALCONNECTION is set to 1. In addition, Informix® gets the peer port number from the network API and verifies that the connection is coming from the client program. If you set SECURITY_LOCALCONNECTION to 2, you must have SOCTCP or IPCSTR network protocols.

If SECURITY_LOCALCONNECTION is set to 1 or 2, Informix® establishes a connection only if the connection meets the requirements of the security check.