Category: Security

Using DB2’s New Native Encryption Feature

With fixpack 5 of DB2 10.5, IBM introduced Native Encryption for data at rest in DB2. This is a fairly significant new feature for introduction in a fixpack. It does require separate licensing – either the Advanced Edition of ESE or WSE or the separate purchase of the Native Encryption feature. DB2 Native Encryption is transparent data encryption for data...

LBAC – Label Based Access Control

To go with my recent article on RCAC/FGAC, I thought I would do some similar work using LBAC and see what I could learn about it and the differences between the two. What is LBAC Label Based Access Control essentially adds a column to a table that labels each row (think confidential, secret, top secret), and then grants uses of...

DB2 Fine-Grained and Row Access Control (FGAC/RCAC)

DB2 10.1 introduced a new feature commonly called RCAC (Row and Column Access Control) or FGAC (Fine-Grained Access Control). This is a bit less labor intensive to support than LBAC (Label Based Access Control), and solves some of the problems with LBAC. It allows a finer level of access control than the standard DB2 permissions scheme. RCAC consists of two major...

Options to Encrypt Data at Rest in DB2

I thought it would be relatively easy to investigate encryption for our environment. I was wrong; it was just plain confusing. This was not because encryption is complicated per se, but that a DBA really needs to have a good understanding of business needs. If you don’t have this understanding, you can get lost in an array of options. Are you...

DB2 Basics: Users, Authentication, and Authorization

This is clearly a broad topic, and this post is intended to serve as an introduction. Authentication The first step in accessing a db2 database is Authentication. Authentication is what tells DB2 that you are who you say you are. Simply put, DB2 does not do authentication. It relies on some other facility to perform authentication. Traditional Authentication Traditionally, DB2...

DB2 Errors: SQL0569N Authorization ID does not uniquely identify a user, a group or a role in the system.

What this error looks like SQL0569N Authorization ID “WSCOMUSR” does not uniquely identify a user, a group or a role in the system. If WebSphere Commerce gets this error (or it may look similar for other applications), it looks like this: 2011-03-04 11:37:18.076, , com.ibm.commerce.context.content.ant.tasks.UpdateWorkspacesTableTask::performTask(), S1 CWXBR0001E: A generic runtime system exception occured. The exception is: “com.ibm.db2.jcc.a.SqlException: DB2 SQL Error:...

Oracle’s SCN Flaw – could it happen in DB2?

I read an article on a flaw in Oracle that was recently discovered. It had to do with the SCN number that is constantly increasing in any database: http://www.infoworld.com/d/security/fundamental-oracle-flaw-revealed-184163-0 Thanks to my friend Fitz for bringing it to my attention – and you really should read all 6 pages of that article – it is fascinating for a database geek....

DB2 for Commerce IDs

So the easy thing to do on Commerce build is to use your DB2 instance owner for everything related to the database. But that’s not really the best choice. It’s almost always the choice I see when a DBA was not involved with the architecture or build of a Commerce system. You’ll notice in the instance XML that there is an option...

DB2 and Transparent LDAP

Ok, so I know I’m in the middle of a multi-part post on Data Movement between Commerce databases (and I will get back to that), but I found this and had to share it because I’m so excited DB2 has finally added support for it. As of DB2 9.7 FixPack 1, DB2 finally supports transparent LDAP on Unix and Linux!...