Category: Security

DB2 Basics: Security

This post is not meant to be a comprehensive coverage of security, but an overview such that those newer to DB2 know what areas they may want to research further. Users, Authentication, and Authorization I’ve already covered this in some detail in DB2 Basics: Users, Authentication, and Authorization. In general, keep the permissions that you allow any user or group...

DB2 Backups When Using Native Encryption

I’ve recently implemented native encryption for a small database on a server that is somewhat oversized on CPU and memory. One of the things I noticed after encrypting my database was both increased backup duration and increased backup size. Backup Size On this particular system, I take compressed DB2 backups to disk, which is later externalized. Immediately after enabling Native...

Using DB2’s New Native Encryption Feature

With fixpack 5 of DB2 10.5, IBM introduced Native Encryption for data at rest in DB2. This is a fairly significant new feature for introduction in a fixpack. It does require separate licensing – either the Advanced Edition of ESE or WSE or the separate purchase of the Native Encryption feature. DB2 Native Encryption is transparent data encryption for data...

LBAC – Label Based Access Control

To go with my recent article on RCAC/FGAC, I thought I would do some similar work using LBAC and see what I could learn about it and the differences between the two. What is LBAC Label Based Access Control essentially adds a column to a table that labels each row (think confidential, secret, top secret), and then grants uses of...

DB2 Fine-Grained and Row Access Control (FGAC/RCAC)

DB2 10.1 introduced a new feature commonly called RCAC (Row and Column Access Control) or FGAC (Fine-Grained Access Control). This is a bit less labor intensive to support than LBAC (Label Based Access Control), and solves some of the problems with LBAC. It allows a finer level of access control than the standard DB2 permissions scheme. RCAC consists of two major...

Options to Encrypt Data at Rest in DB2

I thought it would be relatively easy to investigate encryption for our environment. I was wrong; it was just plain confusing. This was not because encryption is complicated per se, but that a DBA really needs to have a good understanding of business needs. If you don’t have this understanding, you can get lost in an array of options. Are you...

DB2 Basics: Users, Authentication, and Authorization

This is clearly a broad topic, and this post is intended to serve as an introduction. Authentication The first step in accessing a DB2 database is Authentication. Authentication is what tells DB2 that you are who you say you are. Simply put, DB2 does not do authentication. It relies on some other facility to perform authentication. Traditional Authentication Traditionally, DB2...

DB2 Errors: SQL0569N Authorization ID does not uniquely identify a user, a group or a role in the system.

What this error looks like SQL0569N Authorization ID “WSCOMUSR” does not uniquely identify a user, a group or a role in the system. If WebSphere Commerce gets this error (or it may look similar for other applications), it looks like this: 2011-03-04 11:37:18.076, , com.ibm.commerce.context.content.ant.tasks.UpdateWorkspacesTableTask::performTask(), S1 CWXBR0001E: A generic runtime system exception occured. The exception is: “com.ibm.db2.jcc.a.SqlException: DB2 SQL Error:...

Oracle’s SCN Flaw – could it happen in DB2?

I read an article on a flaw in Oracle that was recently discovered. It had to do with the SCN number that is constantly increasing in any database: http://www.infoworld.com/d/security/fundamental-oracle-flaw-revealed-184163-0 Thanks to my friend Fitz for bringing it to my attention – and you really should read all 6 pages of that article – it is fascinating for a database geek....