Access Control
Information about access control functionalities (work in progress).
| Native network encryption1 | Brute-force protection | Enterprise directory compatibility | Password complexity rules2 | Patch access3 | Run unprivileged4 | Audit | Resource limit | Separation of duties (RBAC)5 | Security Certification | |
|---|---|---|---|---|---|---|---|---|---|---|
| Adaptive Server Enterprise | Yes (optional; to pay) | Yes | Yes (optional ?) | Yes | Partial (need to register; depend on which product) | Yes | Yes | Yes | Yes | Yes (EAL4+ 1) |
| Advantage Database Server | Yes | No | No | No | Yes | Yes | No | No | Yes | ? |
| DB2 | Yes | ? | Yes (LDAP, Kerberos…) | Yes | ? | Yes | Yes | Yes | Yes | Yes (EAL4+6) |
| Empress Embedded Database | ? | ? | No | No | Yes | Yes | Yes | No | Yes | No |
| Firebird | No | Yes | Yes (Windows trusted authenification) | No | Partial (no security page) | Yes | No | No | No7 | ? |
| HSQLDB | Yes | No | Yes | Yes | Yes | Yes | No | No | Yes | No |
| H2 | Yes | Yes | ? | No | ? | Yes | ? | Yes | Yes | No |
| Informix Dynamic Server | Yes | ? | Yes10 | ?10 | Yes | Yes | Yes | Yes | Yes | ? |
| Linter SQL RDBMS | Yes (with SSL) | Yes | No | Yes (length only) | ? | Yes | Yes | Yes | Yes | Yes |
| MariaDB | Yes (SSL) | No | Yes (with 5.2, but not on Windows servers) | No | Partial (no security page) | Yes | ? | ? | ?8 | No |
| MySQL | Yes (SSL with 4.0) | No | Yes (with 5.5, but only in commercial edition) | No | Partial (no security page) | Yes | ? | ? | ?8 | No |
| OpenBase SQL | Yes | ? | Yes (Open Directory, LDAP) | No | ? | ? | ? | ? | ? | ? |
| Microsoft SQL Server | Yes | ? | Yes (Microsoft Active Directory) | Yes | Yes | Yes | Yes (From 2008) | Yes | Yes | Yes (EAL1+1) |
| Microsoft SQL Server Compact (Embedded Database) | No (not relevant, only file permissions) | No (not relevant) | No (not relevant) | No (not relevant) | Yes | Yes (file access) | Yes | Yes | No | ? |
| Oracle | Yes | Yes | Yes | Yes | ? | Yes | Yes | Yes | Yes | Yes (EAL4+1) |
| PostgreSQL | Yes | Yes (for 9.1) | Yes (LDAP, Kerberos…9) | Yes (as of 9.0 with passwordcheck module) | Yes | Yes | No | Yes | Yes | Yes (EAL11) |
| RDM Embedded | No | No | No | No | No | Yes | No | No | No | No |
| RDM Server | Yes | No | No | No | No | Yes | Yes | No | Yes | No |
| SQL Anywhere | Yes | ? | Yes (Kerberos) | Yes | ? | Yes | Yes | No | Yes | Yes (EAL3+1 as Adaptive Server Anywhere) |
| SQLite | No (not relevant, only file permissions) | No (not relevant) | No (not relevant) | No (not relevant) | Partial (no security page) | Yes (file access) | Yes | Yes | No | No |
| Xeround Cloud Database | Yes (SSL with 4.0) | No | No | No | N/A - database as a service | Yes | No | No | No | No |
| Native network encryption1 | Brute-force protection | Enterprise directory compatibility | Password complexity rules2 | Patch access3 | Run unprivileged4 | Audit | Resource limit | Separation of duties (RBAC)5 | Security Certification |
Note (1): Network traffic could be transmitted in a secure way (not clear-text, en general SSL encryption). Precise if option is default, included option or an extra modules to buy.
Note (2): Options are present to set a minimum size for password, respect complexity like presence of numbers or special characters.
Note (3): How do you get security updates? Is it free access, do you need a login or to pay? Is there easy access through a Web/FTP portal or RSS feed or only through offline access (mail CD-ROM, phone).
Note (4): Does database process run as root/administrator or unprivileged user? What is default configuration?
Note (5): Is there a separate user to manage special operation like backup (only dump/restore permissions), security officer (audit), administrator (add user/create database), etc.? Is it default or optional?
Note (6): Common Criteria certified product list
Note (7): FirebirdSQL seems to only have SYSDBA user and DB owner. There are no separate roles for backup operator and security administrator.
Note (8): User can define a dedicated backup user but nothing particular in default install
Note (9): Authentication methods
Note (10): Informix Dynamic Server supports PAM and other configurable authentication. By default uses OS authentication.
Read more about this topic: Comparison Of Relational Database Management Systems
Famous quotes containing the words access and/or control:
“Make thick my blood,
Stop up th’ access and passage to remorse,
That no compunctious visitings of nature
Shake my fell purpose.”
—William Shakespeare (1564–1616)
“We long for our father. We wear his clothes, and actually try to fill his shoes. . . . We hang on to him, begging him to teach us how to do whatever is masculine, to throw balls or be in the woods or go see where he works. . . . We want our fathers to protect us from coming too completely under the control of our mothers. . . . We want to be seen with Dad, hanging out with men and doing men things.”
—Frank Pittman (20th century)