HCL OneDB 2.0.1
Security
You can secure your HCL OneDB™ database server and the data that is stored in your HCL OneDB™ databases. You can encrypt data, secure connections, control user privileges and access, and audit data security.
Security in HCL OneDB™
The HCL OneDB™ Security Guide documents methods for keeping your data secure by preventing unauthorized viewing and altering of data or database objects, including how to use the secure-auditing facility of the database server.
Securing data
HCL OneDB™ directory security
HCL OneDB™ utilities and product directories are secure by default.
Network data encryption
Use network encryption to encrypt data transmitted between server and client, and between one server and another.
Enterprise replication and high availability network data encryption
You can configure network data encryption for Enterprise Replication and high availability clusters by using configuration parameters.
Secure sockets layer protocol
Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are communication protocols that use encryption to provide privacy and integrity for data communication through a reliable end-to-end secure connection between two points over a network.
Background Knowledge on Keystores
This topic offers some generic insights into keystores and how they are used for secure communications with the TLS (Transport Layer Security) protocol. While the first part provides the theoretical background, the second part shows examples for applying this in practice using OpenSSL.
Concepts of Keys, Certificates and Keystores for TLS
This section explains keystores for TLS/SSL (Transport Layer Security / Secure Socket Layer) connections between database clients and servers.
Examples for creating keystores using OpenSSL
Using the OpenSSL tool and utilities
Setting up a CA with OpenSSL
Creating the keystore for a database server
Creating the keystore for a database client
Few details to know when using "openssl"
Modifying an existing keystore
Extracting objects from a keystore into PEM files
Using a single PEM input file to create a keystore
Extracting certificates for the database client from the database server's keystore
X.509v3 certificate extension "Basic Constraints"
Column-level encryption
You can use column-level encryption to store sensitive data in an encrypted format. After encrypting sensitive data, such as credit card numbers, only users who can provide a secret password can decrypt the data.
Connection security
You can administer the security of the connections to the database server by using authentication and authorization processes.
Discretionary access control
Discretionary access control verifies whether the user who is attempting to perform an operation has been granted the required privileges to perform that operation.
Label-Based Access Control
You can use label-based access control (LBAC), an implementation of multi-level security (MLS), to control who has read access and who has write access to individual rows and columns of data.
Storage space encryption
You can encrypt storage spaces (dbspaces, blobspaces, and smart blobspaces) with OneDB Server. The data in encrypted storage spaces is unintelligible without the encryption key. Encrypting storage spaces is an effective way to protect sensitive information that is stored on disk.
Auditing data security