Access Control
Information about access control functionalities (work in progress).
Database | Native network encryption (1) | Brute-force protection | Enterprise directory compatibility | Password complexity rules (2) | Patch access (3) | Run unprivileged (4) | Audit | Resource limit | Separation of duties (RBAC) (5) | Security Certification |
---|---|---|---|---|---|---|---|---|---|---|
Adaptive Server Enterprise | Yes (optional; paid) | Yes | Yes (optional ?) | Yes | Partial (need to register; depends on the product) | Yes | Yes | Yes | Yes | Yes (EAL4+ [1]) |
Advantage Database Server | Yes | No | No | No | Yes | Yes | No | No | Yes | ? |
DB2 | Yes | ? | Yes (LDAP, Kerberos…) | Yes | ? | Yes | Yes | Yes | Yes | Yes (EAL4+; see Note 6) |
Empress Embedded Database | ? | ? | No | No | Yes | Yes | Yes | No | Yes | No |
Firebird | No | Yes | Yes (Windows trusted authentication) | No | Partial (no security page) | Yes | No | No | No (7) | ? |
HSQLDB | Yes | No | Yes | Yes | Yes | Yes | No | No | Yes | No |
H2 | Yes | Yes | ? | No | ? | Yes | ? | Yes | Yes | No |
Informix Dynamic Server | Yes | ? | Yes (10) | ? (10) | Yes | Yes | Yes | Yes | Yes | ? |
Linter SQL RDBMS | Yes (with SSL) | Yes | No | Yes (length only) | ? | Yes | Yes | Yes | Yes | Yes |
MariaDB | Yes (SSL) | No | Yes (with 5.2, but not on Windows servers) | No | Partial (no security page) | Yes | ? | ? | ? (8) | No |
MySQL | Yes (SSL with 4.0) | No | Yes (with 5.5, but only in commercial edition) | No | Partial (no security page) | Yes | ? | ? | ? (8) | No |
OpenBase SQL | Yes | ? | Yes (Open Directory, LDAP) | No | ? | ? | ? | ? | ? | ? |
Microsoft SQL Server | Yes | ? | Yes (Microsoft Active Directory) | Yes | Yes | Yes | Yes (From 2008) | Yes | Yes | Yes (EAL1+ [1]) |
Microsoft SQL Server Compact (Embedded Database) | No (not relevant, only file permissions) | No (not relevant) | No (not relevant) | No (not relevant) | Yes | Yes (file access) | Yes | Yes | No | ? |
Oracle | Yes | Yes | Yes | Yes | ? | Yes | Yes | Yes | Yes | Yes (EAL4+ [1]) |
PostgreSQL | Yes | Yes (for 9.1) | Yes (LDAP, Kerberos…; see Note 9) | Yes (as of 9.0 with passwordcheck module) | Yes | Yes | No | Yes | Yes | Yes (EAL1 [1]) |
RDM Embedded | No | No | No | No | No | Yes | No | No | No | No |
RDM Server | Yes | No | No | No | No | Yes | Yes | No | Yes | No |
SQL Anywhere | Yes | ? | Yes (Kerberos) | Yes | ? | Yes | Yes | No | Yes | Yes (EAL3+ [1] as Adaptive Server Anywhere) |
SQLite | No (not relevant, only file permissions) | No (not relevant) | No (not relevant) | No (not relevant) | Partial (no security page) | Yes (file access) | Yes | Yes | No | No |
Xeround Cloud Database | Yes (SSL with 4.0) | No | No | No | N/A - database as a service | Yes | No | No | No | No |
Note (1): Network traffic can be transmitted in a secure way (not clear-text; generally SSL encryption). Specify whether the option is the default, an included option, or an extra module to buy.
Note (2): Options are present to set a minimum password length and to enforce complexity, such as the presence of numbers or special characters.
Note (3): How do you get security updates? Is access free, or do you need a login or to pay? Is there easy access through a Web/FTP portal or RSS feed, or only offline access (mailed CD-ROM, phone)?
Note (4): Does the database process run as root/administrator or as an unprivileged user? What is the default configuration?
Note (5): Is there a separate user to manage special operations such as backup (only dump/restore permissions), security officer (audit), administrator (add user/create database), etc.? Is it the default or optional?
Note (6): Common Criteria certified product list
Note (7): FirebirdSQL seems to only have SYSDBA user and DB owner. There are no separate roles for backup operator and security administrator.
Note (8): A user can define a dedicated backup user, but there is nothing particular in the default install.
Note (9): Authentication methods
Note (10): Informix Dynamic Server supports PAM and other configurable authentication. By default uses OS authentication.