Category: Security

file0001696162701 0

Static SQL vs Dynamic SQL in Stored Procedures

Updated 13 September 2016 to use more correct wording around how and when the access plan is generated and reused. As a new DB2 for LUW DBA or developer it can take a while to understand the difference between static and dynamic SQL. I’d like to use an example in a stored procedure to explain. Example The same SQL can...

DSC04677 2

DB2 Basics: Patching DB2

Like any software, DB2 requires frequent patching. A database should be one of the most secure parts of any enterprise, and keeping it secure means keeping up with the fixes that are delivered in fix packs. Fix Packs DB2 delivers many things through fixpacks, including: Security Fixes Bug Fixes New Functionality – though IBM goes back and forth on this...

Three-Tier 0

DB2 Basics: Security

This post is not meant to be a comprehensive coverage of security, but an overview such that those newer to DB2 know what areas they may want to research further. Users, Authentication, and Authorization I’ve already covered this in some detail in DB2 Basics: Users, Authentication, and Authorization. In general, keep the permissions that you allow any user or group...

file9791234819983 1

DB2 Backups When Using Native Encryption

I’ve recently implemented native encryption for a small database on a server that is somewhat oversized on CPU and memory. One of the things I noticed after encrypting my database was both increased backup duration and increased backup size. Backup Size On this particular system, I take compressed DB2 backups to disk, which is later externalized. Immediately after enabling Native...

file9791234819983 16

Using DB2’s New Native Encryption Feature

With fixpack 5 of DB2 10.5, IBM introduced Native Encryption for data at rest in DB2. This is a fairly significant new feature for introduction in a fixpack. It does require separate licensing – either the Advanced Edition of ESE or WSE or the separate purchase of the Native Encryption feature. DB2 Native Encryption is transparent data encryption for data...

0

LBAC – Label Based Access Control

To go with my recent article on RCAC/FGAC, I thought I would do some similar work using LBAC and see what I could learn about it and the differences between the two. What is LBAC Label Based Access Control essentially adds a column to a table that labels each row (think confidential, secret, top secret), and then grants uses of...

2

DB2 Fine-Grained and Row Access Control (FGAC/RCAC)

DB2 10.1 introduced a new feature commonly called RCAC (Row and Column Access Control) or FGAC(Fine-Grained Access Control). This is a bit less labor intensive to support than LBAC (Label Based Access Control), and solves some of the problems with LBAC. It allows a finer level of access control than the standard DB2 permissions scheme. RCAC consists of two major...

5

Options to Encrypt Data at Rest in DB2

I thought it would be relatively easy to investigate encryption for our environment. I was wrong, was just plain confusing. This was not because encryption is complicated per se, but that a DBA really needs to have a good understanding of business needs. If you don’t have this understanding, you can get lost in an array of options. Are you...