Jump to main content
Product Documentation
Customer Support
HCL Informix V14.10
HCL Informix®
V
14.10
documentation
Product overview
Installing
Administering
Migrating and upgrading
Client APIs and tools
Embedding
Informix®
Extending
Informix®
Data warehousing
Designing databases
JSON compatibility
Security
SQL programming
Troubleshooting
Informix®
Informix PDF guides
Search
Home
Security
You can secure your
Informix®
database server and the data that is stored in your
Informix®
databases. You can encrypt data, secure connections, control user privileges and access, and audit data security.
Security in
HCL Informix®
The
Informix® Security Guide
documents methods for keeping your data secure by preventing unauthorized viewing and altering of data or database objects, including how to use the secure-auditing facility of the database server.
Securing data
Network data encryption
Use network encryption to encrypt data transmitted between server and client, and between server and other server.
Background Knowledge on Keystores
This topic offers some generic insights into keystores and how they are used for secure communications with the TLS (Transport Layer Security) protocol. While the first part provides the theoretical background, the second part shows examples for applying this in practice using OpenSSL.
Examples for creating keystores using OpenSSL
Few details to know when using "openssl"
Security
You can secure your
Informix®
database server and the data that is stored in your
Informix®
databases. You can encrypt data, secure connections, control user privileges and access, and audit data security.
Security in
HCL Informix®
The
Informix® Security Guide
documents methods for keeping your data secure by preventing unauthorized viewing and altering of data or database objects, including how to use the secure-auditing facility of the database server.
Securing data
HCL Informix®
directory security
utilities and product directories are secure by default.
Network data encryption
Use network encryption to encrypt data transmitted between server and client, and between server and other server.
Communication support modules for data transmission encryption
You can use the communication support modules (CSMs) to encrypt data transmissions, including distributed queries, over the network.
Enterprise replication and high availability network data encryption
You can configure network data encryption for Enterprise Replication and high availability clusters by using configuration parameters.
Background Knowledge on Keystores
This topic offers some generic insights into keystores and how they are used for secure communications with the TLS (Transport Layer Security) protocol. While the first part provides the theoretical background, the second part shows examples for applying this in practice using OpenSSL.
Concepts of Keys, Certificates and Keystores for TLS
This section explains keystores for TLS/SSL (Transport Layer Security / Secure Socket Layer) connections between database clients and servers.
Examples for creating keystores using OpenSSL
Using the OpenSSL tool and utilities
Setting up a CA with OpenSSL
Creating the keystore for a database server
Creating the keystore for a database client
Few details to know when using "openssl"
Modifying an existing keystore
Extracting objects from a keystore into PEM files
Using a single PEM input file to create a keystore
Extracting certificates for the database client from the database server's keystore
X.509v3 certificate extension "Basic Constraints"
Examples for creating keystores using IBM® GSKit
Column-level encryption
You can use column-level encryption to store sensitive data in an encrypted format. After encrypting sensitive data, such as credit card numbers, only users who can provide a secret password can decrypt the data.
Connection security
You can administer the security of the connections to the database server by using authentication and authorization processes.
Discretionary access control
Discretionary access control verifies whether the user who is attempting to perform an operation has been granted the required privileges to perform that operation.
Label-Based Access Control
You can use label-based access control (LBAC), an implementation of multi-level security (MLS), to control who has read access and who has write access to individual rows and columns of data.
Auditing data security
Few details to know when using "openssl"
Modifying an existing keystore
Extracting objects from a keystore into PEM files
Using a single PEM input file to create a keystore
Extracting certificates for the database client from the database server's keystore
X.509v3 certificate extension "Basic Constraints"
Rate this topic
5 stars
4 stars
3 stars
2 stars
1 star
Comment on this topic.
By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at
https://hcltechsw.com/resources/us-government-contact
. Do not include any personal data in this Comment box.