HFSQL

HFSQL • www.windev.com 10 SECURITY The integration, the automatic lock man- agement, the Control Center ... ensure by their very own existence a strong security. Security specific features are also available. ACCESS RIGHTS: AUTHENTICATION FOR ESTABLISHING THE CONNECTION The server has a user authentication sys- tem. It checks that a user is authorized to con- nect, and then that he has sufficient rights to run his queries: for example, rights to delete rows when running a delete query. You can restrict access for a user based on his IP address or a DNS name. The tuning of the rights is very granular: at the server level, the database level or the table level. You can choose to do it by programming or via a user-friendly interface. You can define an expiration period for password. You can define groups of users. For the server: • Rights to delete and add users or groups • Rights to see the users and the groups • Rights to create a database • Rights to change the rights • Rights to stop the server • Rights to change your own password • Rights to disconnect the client comput- ers • Rights to send messages to the client computers • Rights to configure the server • Rights to configure the priority of users • Rights to perform backups • Rights to configure the scheduled tasks • Rights to see the activity statistics and the logs of the server • Rights to define a server replication. At the database level: • Rights to add new rows into a table (data file) • Rights to lock the tables or the table rows • Rights to change the rights • Rights to modify the integrity rules on a table • Rights to modify the owner of an ele- ment • Rights to connect to a server (encrypted and unencrypted connection or en- crypted connection only) • Rights to create a table by programming • Rights to enable and disable the man- agement of duplicates • Rights to read the table rows • Rights to start a re-index operation or to calculate statistics • Rights to perform automatic table modi- fication (DSS) • Rights to modify the table rows • Rights to delete the table rows • Rights to delete a database • Rights to delete a table by programming • Rights to enable and disable the man- agement of integrity • Rights to lock access to a database • Rights to run stored procedures and/or WLanguage commands in the queries • Rights to configure the stored proce- dures • Rights to debug the stored procedures • Rights to modify the triggers • Rights to perform backups. At the table level: • Rights to add new rows into a table • Rights to lock the tables or the table rows • Rights to change the rights • Rights to modify the integrity rules on a table • Rights to modify the owner of an ele- ment • Rights to enable and disable the man- agement of duplicates • Rights to read the table rows • Rights to start a re-index operation or to calculate statistics • Rights to perform automatic table modi- fication (DSS) • Rights to delete the table rows • Rights to delete the table rows • Rights to delete a table by programming. SQL INJECTION NOT POSSIBLE The use of the WINDEV window generator and WEBDEV page generator, with their edit controls that are automatically gener- ated based on the data schema, makes at- tacks via “SQL injection” almost impossible, and it does so automatically. The use of SQL queries created with the query editor brings the same level of secu- rity. The data that the end user enters is auto- matically checked in real time as soon as it's entered, and it is not sent to the appli- cation if it's unexpected, erroneous or in- consistent. ENCRYPTED CONNECTIONS The connection between the client and the server can be encrypted. To define a high level of security, you can forbid non-encrypted connections to the server. ENCRYPTING THE DATA Data access can be secured, and data itself can be secured. We can specify that the opening of the table requires a password. The data itself can be encrypted. Several encryption modes are supported: • Standard on 128 bits • RC5 12 rounds in 128 bits HFSQL Control Center defining the rights

RkJQdWJsaXNoZXIy NDQ0OA==