Access Control
Information about access control functionalities (work in progress).
Database | Native network encryption (1) | Brute-force protection | Enterprise directory compatibility | Password complexity rules (2) | Patch access (3) | Run unprivileged (4) | Audit | Resource limit | Separation of duties (RBAC) (5) | Security Certification |
---|---|---|---|---|---|---|---|---|---|---|
Adaptive Server Enterprise | Yes (optional; paid) | Yes | Yes (optional ?) | Yes | Partial (registration required; depends on the product) | Yes | Yes | Yes | Yes | Yes (EAL4+ (1)) |
Advantage Database Server | Yes | No | No | No | Yes | Yes | No | No | Yes | ? |
DB2 | Yes | ? | Yes (LDAP, Kerberos…) | Yes | ? | Yes | Yes | Yes | Yes | Yes (EAL4+ (6)) |
Empress Embedded Database | ? | ? | No | No | Yes | Yes | Yes | No | Yes | No |
Firebird | No | Yes | Yes (Windows trusted authentication) | No | Partial (no security page) | Yes | No | No | No (7) | ? |
HSQLDB | Yes | No | Yes | Yes | Yes | Yes | No | No | Yes | No |
H2 | Yes | Yes | ? | No | ? | Yes | ? | Yes | Yes | No |
Informix Dynamic Server | Yes | ? | Yes (10) | ? (10) | Yes | Yes | Yes | Yes | Yes | ? |
Linter SQL RDBMS | Yes (with SSL) | Yes | No | Yes (length only) | ? | Yes | Yes | Yes | Yes | Yes |
MariaDB | Yes (SSL) | No | Yes (with 5.2, but not on Windows servers) | No | Partial (no security page) | Yes | ? | ? | ? (8) | No |
MySQL | Yes (SSL with 4.0) | No | Yes (with 5.5, but only in commercial edition) | No | Partial (no security page) | Yes | ? | ? | ? (8) | No |
OpenBase SQL | Yes | ? | Yes (Open Directory, LDAP) | No | ? | ? | ? | ? | ? | ? |
Microsoft SQL Server | Yes | ? | Yes (Microsoft Active Directory) | Yes | Yes | Yes | Yes (from 2008) | Yes | Yes | Yes (EAL1+ (1)) |
Microsoft SQL Server Compact (Embedded Database) | No (not relevant, only file permissions) | No (not relevant) | No (not relevant) | No (not relevant) | Yes | Yes (file access) | Yes | Yes | No | ? |
Oracle | Yes | Yes | Yes | Yes | ? | Yes | Yes | Yes | Yes | Yes (EAL4+ (1)) |
PostgreSQL | Yes | Yes (for 9.1) | Yes (LDAP, Kerberos… (9)) | Yes (as of 9.0 with passwordcheck module) | Yes | Yes | No | Yes | Yes | Yes (EAL1 (1)) |
RDM Embedded | No | No | No | No | No | Yes | No | No | No | No |
RDM Server | Yes | No | No | No | No | Yes | Yes | No | Yes | No |
SQL Anywhere | Yes | ? | Yes (Kerberos) | Yes | ? | Yes | Yes | No | Yes | Yes (EAL3+ (1) as Adaptive Server Anywhere) |
SQLite | No (not relevant, only file permissions) | No (not relevant) | No (not relevant) | No (not relevant) | Partial (no security page) | Yes (file access) | Yes | Yes | No | No |
Xeround Cloud Database | Yes (SSL with 4.0) | No | No | No | N/A - database as a service | Yes | No | No | No | No |
Note (1): Network traffic can be transmitted securely (not in clear text; generally with SSL encryption). Specify whether the option is the default, an included option, or an extra module to buy.
Note (2): Options exist to set a minimum password length and to enforce complexity, such as the presence of numbers or special characters.
Note (3): How do you get security updates? Is access free, or do you need a login or to pay? Is there easy access through a Web/FTP portal or RSS feed, or only offline access (CD-ROM by mail, phone)?
Note (4): Does the database process run as root/administrator or as an unprivileged user? What is the default configuration?
Note (5): Is there a separate user to manage special operations such as backup (only dump/restore permissions), security officer (audit), administrator (add user/create database), etc.? Is it default or optional?
Note (6): Common Criteria certified product list
Note (7): FirebirdSQL seems to only have SYSDBA user and DB owner. There are no separate roles for backup operator and security administrator.
Note (8): A user can define a dedicated backup user, but there is nothing specific in the default install.
Note (9): Authentication methods
Note (10): Informix Dynamic Server supports PAM and other configurable authentication. By default it uses OS authentication.