Setting Up Security

Btrieve provides two methods of setting up file security: assigning an owner name to the file or opening the file in exclusive mode. In addition, Btrieve supports the native file-level security (if available) on Windows NT and NetWare server platforms.

Note
Windows NT developers: File-level security is available on the server if you installed the NTFS file system on your server. File system security is not available if you installed the FAT file system.

The MicroKernel provides the following features for enhancing data security.

Owner Names

The MicroKernel allows you to restrict access to a file by assigning an owner name using the Set Owner operation (29). Once you assign an owner name to a file, the MicroKernel requires that name to be specified for all future accesses to the file. This prevents any unauthorized access or changing of a file's contents by users or applications that do not provide the owner name. Likewise, you can clear the owner name from a file if you know the owner name assigned to it. Owner names can be up to eight characters long and are case sensitive. Gloria and GLORIA are not considered the same.

You can restrict access to the file in these ways:

Users can have read-only access without supplying an owner name. However, neither a user nor a task can change the file's contents without supplying the owner name. Attempting to do so causes the MicroKernel to return an error.

Users can be required to supply an owner name for any access mode. The MicroKernel restricts all access to the file unless the correct owner name is supplied.

When you assign an owner name, you can also request that the MicroKernel encrypt the data in the disk file using the owner name as the encryption key. Encrypting the data on the disk ensures that unauthorized users cannot examine your data by using a debugger or a file dump utility. When you use the Set Owner operation and specify encryption, the encryption occurs immediately. The MicroKernel has control until the entire file is encrypted, and the larger the file, the longer the encryption process takes. Because encryption requires additional processing time, you should select this option only if data security is important in your environment.

You can use the Clear Owner operation (30) to remove ownership restrictions from a file if you know the owner name assigned to it. In addition, if you use the Clear Owner operation on an encrypted file, the MicroKernel decrypts it.

Exclusive Mode

To limit access to a file to a single client, you can specify that the MicroKernel open the file in exclusive mode. When a client opens a file in exclusive mode, no other client can open the file until the client that opened the file in exclusive mode closes it.