Access Control
Information about access control functionalities (work in progress).
Database | Native network encryption¹ | Brute-force protection | Enterprise directory compatibility | Password complexity rules² | Patch access³ | Run unprivileged⁴ | Audit | Resource limit | Separation of duties (RBAC)⁵ | Security Certification |
---|---|---|---|---|---|---|---|---|---|---|
Adaptive Server Enterprise | Yes (optional, paid) | Yes | Yes (optional?) | Yes | Partial (registration required; depends on the product) | Yes | Yes | Yes | Yes | Yes (EAL4+¹) |
Advantage Database Server | Yes | No | No | No | Yes | Yes | No | No | Yes | ? |
DB2 | Yes | ? | Yes (LDAP, Kerberos…) | Yes | ? | Yes | Yes | Yes | Yes | Yes (EAL4+⁶) |
Empress Embedded Database | ? | ? | No | No | Yes | Yes | Yes | No | Yes | No |
Firebird | No | Yes | Yes (Windows trusted authentication) | No | Partial (no security page) | Yes | No | No | No⁷ | ? |
HSQLDB | Yes | No | Yes | Yes | Yes | Yes | No | No | Yes | No |
H2 | Yes | Yes | ? | No | ? | Yes | ? | Yes | Yes | No |
Informix Dynamic Server | Yes | ? | Yes¹⁰ | ?¹⁰ | Yes | Yes | Yes | Yes | Yes | ? |
Linter SQL RDBMS | Yes (with SSL) | Yes | No | Yes (length only) | ? | Yes | Yes | Yes | Yes | Yes |
MariaDB | Yes (SSL) | No | Yes (with 5.2, but not on Windows servers) | No | Partial (no security page) | Yes | ? | ? | ?⁸ | No |
MySQL | Yes (SSL with 4.0) | No | Yes (with 5.5, but only in commercial edition) | No | Partial (no security page) | Yes | ? | ? | ?⁸ | No |
OpenBase SQL | Yes | ? | Yes (Open Directory, LDAP) | No | ? | ? | ? | ? | ? | ? |
Microsoft SQL Server | Yes | ? | Yes (Microsoft Active Directory) | Yes | Yes | Yes | Yes (from 2008) | Yes | Yes | Yes (EAL1+¹) |
Microsoft SQL Server Compact (Embedded Database) | No (not relevant, only file permissions) | No (not relevant) | No (not relevant) | No (not relevant) | Yes | Yes (file access) | Yes | Yes | No | ? |
Oracle | Yes | Yes | Yes | Yes | ? | Yes | Yes | Yes | Yes | Yes (EAL4+¹) |
PostgreSQL | Yes | Yes (for 9.1) | Yes (LDAP, Kerberos…⁹) | Yes (as of 9.0 with passwordcheck module) | Yes | Yes | No | Yes | Yes | Yes (EAL1¹) |
RDM Embedded | No | No | No | No | No | Yes | No | No | No | No |
RDM Server | Yes | No | No | No | No | Yes | Yes | No | Yes | No |
SQL Anywhere | Yes | ? | Yes (Kerberos) | Yes | ? | Yes | Yes | No | Yes | Yes (EAL3+¹ as Adaptive Server Anywhere) |
SQLite | No (not relevant, only file permissions) | No (not relevant) | No (not relevant) | No (not relevant) | Partial (no security page) | Yes (file access) | Yes | Yes | No | No |
Xeround Cloud Database | Yes (SSL with 4.0) | No | No | No | N/A - database as a service | Yes | No | No | No | No |
Note (1): Network traffic can be transmitted securely (not in clear text, generally with SSL encryption). Specify whether the option is on by default, an included option, or an extra module to buy.
Note (2): Options exist to set a minimum password length and to enforce complexity, such as the presence of numbers or special characters.
Note (3): How do you get security updates? Is it free access, do you need a login or to pay? Is there easy access through a Web/FTP portal or RSS feed or only through offline access (mail CD-ROM, phone).
Note (4): Does the database process run as root/administrator or as an unprivileged user? What is the default configuration?
Note (5): Is there a separate user to manage special operations such as backup (only dump/restore permissions), security officer (audit), administrator (add user/create database), etc.? Is it default or optional?
Note (6): Common Criteria certified product list
Note (7): FirebirdSQL seems to only have SYSDBA user and DB owner. There are no separate roles for backup operator and security administrator.
Note (8): A user can define a dedicated backup user, but there is nothing specific in the default install.
Note (9): Authentication methods
Note (10): Informix Dynamic Server supports PAM and other configurable authentication. By default it uses OS authentication.