Setting Up Security

The transactional interface provides three methods of setting up file security:

Assign an owner name to the file

Open the file in exclusive mode

Use the Pervasive PSQL Contol Center (PCC) security settings

In addition, the transactional interface supports the native file-level security (if available) on Windows NT and NetWare server platforms.

Note
Windows NT developers: File-level security is available on the server if you installed the NTFS file system on your server. File system security is not available if you installed the FAT file system.

The transactional database engine provides the following features for enhancing data security.

Owner Names

The transactional database engine allows you to restrict access to a file by assigning an owner name using the Set Owner operation (29). Once you assign an owner name to a file, the transactional database engine requires that name to be specified for all future accesses to the file. This prevents any unauthorized access or changing of a file's contents by users or applications that do not provide the owner name. Likewise, you can clear the owner name from a file if you know the owner name assigned to it. Owner names can be up to eight characters long and are case sensitive. Gloria and GLORIA are not considered the same.

You can restrict access to the file in these ways:

Users can have read-only access without supplying an owner name. However, neither a user nor a task can change the file's contents without supplying the owner name. Attempting to do so causes the transactional database engine to return an error.

Users can be required to supply an owner name for any access mode. The transactional database engine restricts all access to the file unless the correct owner name is supplied.

When you assign an owner name, you can also request that the transactional database engine encrypt the data in the disk file using the owner name as the encryption key. Encrypting the data on the disk ensures that unauthorized users cannot examine your data by using a debugger or a file dump utility. When you use the Set Owner operation and specify encryption, the encryption occurs immediately. The transactional database engine has control until the entire file is encrypted, and the larger the file, the longer the encryption process takes. Because encryption requires additional processing time, you should select this option only if data security is important in your environment.

You can use the Clear Owner operation (30) to remove ownership restrictions from a file if you know the owner name assigned to it. In addition, if you use the Clear Owner operation on an encrypted file, the transactional database engine decrypts it.

Exclusive Mode

To limit access to a file to a single client, you can specify that the transactional database engine open the file in exclusive mode. When a client opens a file in exclusive mode, no other client can open the file until the client that opened the file in exclusive mode closes it.

SQL Security

See Database URIs for information on database Uniform Resource Indicator (URI) strings. See the Pervasive PSQL User Guide for how to access the PCC security settings.