Access Control
Information about access control functionalities (work in progress).
| Native network encryption1 | Brute-force protection | Enterprise directory compatibility | Password complexity rules2 | Patch access3 | Run unprivileged4 | Audit | Resource limit | Separation of duties (RBAC)5 | Security Certification | |
|---|---|---|---|---|---|---|---|---|---|---|
| Adaptive Server Enterprise | Yes (optional; to pay) | Yes | Yes (optional ?) | Yes | Partial (need to register; depend on which product) | Yes | Yes | Yes | Yes | Yes (EAL4+ 1) |
| Advantage Database Server | Yes | No | No | No | Yes | Yes | No | No | Yes | ? |
| DB2 | Yes | ? | Yes (LDAP, Kerberos…) | Yes | ? | Yes | Yes | Yes | Yes | Yes (EAL4+6) |
| Empress Embedded Database | ? | ? | No | No | Yes | Yes | Yes | No | Yes | No |
| Firebird | No | Yes | Yes (Windows trusted authenification) | No | Partial (no security page) | Yes | No | No | No7 | ? |
| HSQLDB | Yes | No | Yes | Yes | Yes | Yes | No | No | Yes | No |
| H2 | Yes | Yes | ? | No | ? | Yes | ? | Yes | Yes | No |
| Informix Dynamic Server | Yes | ? | Yes10 | ?10 | Yes | Yes | Yes | Yes | Yes | ? |
| Linter SQL RDBMS | Yes (with SSL) | Yes | No | Yes (length only) | ? | Yes | Yes | Yes | Yes | Yes |
| MariaDB | Yes (SSL) | No | Yes (with 5.2, but not on Windows servers) | No | Partial (no security page) | Yes | ? | ? | ?8 | No |
| MySQL | Yes (SSL with 4.0) | No | Yes (with 5.5, but only in commercial edition) | No | Partial (no security page) | Yes | ? | ? | ?8 | No |
| OpenBase SQL | Yes | ? | Yes (Open Directory, LDAP) | No | ? | ? | ? | ? | ? | ? |
| Microsoft SQL Server | Yes | ? | Yes (Microsoft Active Directory) | Yes | Yes | Yes | Yes (From 2008) | Yes | Yes | Yes (EAL1+1) |
| Microsoft SQL Server Compact (Embedded Database) | No (not relevant, only file permissions) | No (not relevant) | No (not relevant) | No (not relevant) | Yes | Yes (file access) | Yes | Yes | No | ? |
| Oracle | Yes | Yes | Yes | Yes | ? | Yes | Yes | Yes | Yes | Yes (EAL4+1) |
| PostgreSQL | Yes | Yes (for 9.1) | Yes (LDAP, Kerberos…9) | Yes (as of 9.0 with passwordcheck module) | Yes | Yes | No | Yes | Yes | Yes (EAL11) |
| RDM Embedded | No | No | No | No | No | Yes | No | No | No | No |
| RDM Server | Yes | No | No | No | No | Yes | Yes | No | Yes | No |
| SQL Anywhere | Yes | ? | Yes (Kerberos) | Yes | ? | Yes | Yes | No | Yes | Yes (EAL3+1 as Adaptive Server Anywhere) |
| SQLite | No (not relevant, only file permissions) | No (not relevant) | No (not relevant) | No (not relevant) | Partial (no security page) | Yes (file access) | Yes | Yes | No | No |
| Xeround Cloud Database | Yes (SSL with 4.0) | No | No | No | N/A - database as a service | Yes | No | No | No | No |
| Native network encryption1 | Brute-force protection | Enterprise directory compatibility | Password complexity rules2 | Patch access3 | Run unprivileged4 | Audit | Resource limit | Separation of duties (RBAC)5 | Security Certification |
Note (1): Network traffic could be transmitted in a secure way (not clear-text, en general SSL encryption). Precise if option is default, included option or an extra modules to buy.
Note (2): Options are present to set a minimum size for password, respect complexity like presence of numbers or special characters.
Note (3): How do you get security updates? Is it free access, do you need a login or to pay? Is there easy access through a Web/FTP portal or RSS feed or only through offline access (mail CD-ROM, phone).
Note (4): Does database process run as root/administrator or unprivileged user? What is default configuration?
Note (5): Is there a separate user to manage special operation like backup (only dump/restore permissions), security officer (audit), administrator (add user/create database), etc.? Is it default or optional?
Note (6): Common Criteria certified product list
Note (7): FirebirdSQL seems to only have SYSDBA user and DB owner. There are no separate roles for backup operator and security administrator.
Note (8): User can define a dedicated backup user but nothing particular in default install
Note (9): Authentication methods
Note (10): Informix Dynamic Server supports PAM and other configurable authentication. By default uses OS authentication.
Read more about this topic: Comparison Of Relational Database Management Systems
Famous quotes containing the words access and/or control:
“Whilst the rights of all as persons are equal, in virtue of their access to reason, their rights in property are very unequal. One man owns his clothes, and another owns a country.”
—Ralph Waldo Emerson (1803–1882)
“Every expansion of government in business means that government in order to protect itself from the political consequences of its errors and wrongs is driven irresistibly without peace to greater and greater control of the nation’s press and platform. Free speech does not live many hours after free industry and free commerce die.”
—Herbert Hoover (1874–1964)