Contents

  • Chapter 1: 
 
  • 1.1 Authentication: Establishing Identity
  • 1.1.1 About Kerberos
  • 1.1.2 About Operating-System–Based Authentication
  • 1.1.3 About Caché Login
  • 1.2 Authorization: Controlling User Access
  • 1.2.1 Authorization Basics
  • 1.2.2 Resources and What They Protect
  • 1.2.3 For More Information on Authorization
  • 1.3 Auditing: Knowing What Happened
  • 1.4 Database Encryption: Protecting Data on Disk
  • 1.5 Managing Security with the System Management Portal
  • 1.6 A Note on Technology, Policy, and Action
  • 1.7 A Note on Certification
  • Chapter 2: 
     
  • 2.1 About the Different Authentication Mechanisms
  • 2.1.1 Kerberos Authentication
  • 2.1.2 Operating-System–Based Authentication
  • 2.1.3 Caché Login
  • 2.2 About the Different Access Modes
  • 2.2.1 About Local Access
  • 2.2.2 About Client/Server Access
  • 2.2.3 About CSP
  • 2.3 Configuring for Kerberos Authentication
  • 2.3.1 About Kerberos and the Access Modes
  • 2.3.2 Specifying Connection Security Levels
  • 2.3.3 Setting Up a Client
  • 2.3.4 Obtaining User Credentials
  • 2.3.5 Setting Up a Secure Channel for a CSP Connection
  • 2.4 Configuring for Operating-System–Based Authentication
  • 2.4.1 A Note on %Service_Console
  • 2.4.2 A Note on %Service_Callin
  • 2.5 Configuring for Authentication with Caché Login
  • 2.5.1 CSP
  • 2.5.2 ODBC
  • 2.5.3 Telnet and Caché Direct
  • 2.6 Other Topics
  • 2.6.1 System Variables and Authentication
  • 2.6.2 Using Multiple Authentication Mechanisms
  • 2.6.3 Cascading Authentication
  • 2.6.4 Establishing Connections with the UnknownUser Account
  • 2.6.5 Programmatic Logins
  • 2.6.6 The JOB Command and Establishing a New User Identity
  • Chapter 3: 
     
  • 3.1 About Resources
  • 3.2 Creating or Editing a Resource
  • 3.2.1 Resource Naming Conventions
  • 3.3 Database Resources
  • 3.3.1 Database Resource Privileges
  • 3.3.2 Shared Database Resources
  • 3.3.3 Default Database Resource
  • 3.3.4 Unknown or Non-Valid Resource Names
  • 3.3.5 Namespaces
  • 3.3.6 Databases that Ship with Caché
  • 3.4 Administrative and Development Resources
  • 3.4.1 Administrative Resources
  • 3.4.2 The %Development Resource
  • 3.5 Application Resources and Their Privileges
  • 3.5.1 User-Based and Application-Based Security
  • 3.5.2 CSP Application Definitions
  • 3.5.3 Privileged Routine Application Definitions
  • 3.5.4 Client Application Definitions
  • 3.5.5 Application-Defined Resources
  • Chapter 4: 
     
  • 4.1 How Privileges Work
  • 4.2 Public Permissions
  • 4.3 Checking Privileges
  • Chapter 5: 
     
  • 5.1 About Roles
  • 5.1.1 Roles, Users, Members, and Assignments
  • 5.2 Creating a Role
  • 5.2.1 Naming Conventions
  • 5.3 Managing Roles
  • 5.3.1 Viewing Existing Roles
  • 5.3.2 Deleting a Role
  • 5.3.3 Giving New Privileges to a Role
  • 5.3.4 Modifying Privileges for a Role
  • 5.3.5 Removing Privileges from a Role
  • 5.3.6 Assigning Users or Roles to the Current Role
  • 5.3.7 Removing Users or Roles from the Current Role
  • 5.3.8 Assigning the Current Role to Another Role
  • 5.3.9 Removing the Current Role from Another Role
  • 5.3.10 Modifying a Role's SQL-Related Options
  • 5.4 Predefined Roles
  • 5.4.1 %All
  • 5.4.2 Default Database Resource Roles
  • 5.5 Login Roles and Added Roles
  • 5.6 Programmatically Managing Roles
  • Chapter 6: 
     
  • 6.1 Properties of Users
  • 6.1.1 About User Types
  • 6.2 Creating and Editing Users
  • 6.2.1 Creating a New User
  • 6.2.2 Editing an Existing User
  • 6.3 Viewing and Managing Existing Users
  • 6.3.1 Deleting a User
  • 6.3.2 View a User Profile
  • 6.4 Predefined User Accounts
  • 6.4.1 Default Predefined Account Behavior
  • 6.4.2 Notes on Various Accounts
  • Chapter 7: 
     
  • 7.1 Available Services
  • 7.1.1 Notes on Individual Services
  • 7.2 Service Properties
  • 7.2.1 Allowed Incoming Connections for ECP
  • 7.3 Services and Authentication
  • 7.4 Services and Their Resources
  • Chapter 8: 
     
  • 8.1 The SQL Service
  • 8.1.1 CREATE USER
  • 8.1.2 Effect of Changes
  • 8.1.3 Required Privileges for Working with Tables
  • Chapter 9: 
     
  • 9.1 Managing Keys and Key Files
  • 9.1.1 Creating a Key
  • 9.1.2 Activating a Key
  • 9.1.3 Deactivating a Key
  • 9.1.4 Managing an Encryption Key File
  • 9.2 Managing Encrypted Databases
  • 9.2.1 Creating an Encrypted Database
  • 9.2.2 Opening an Encrypted Database
  • 9.2.3 Closing an Encrypted Database
  • 9.2.4 Moving an Encrypted Database Between Instances
  • 9.3 Configuring Caché Encryption Settings
  • 9.3.1 Configuring Startup without Key Activation
  • 9.3.2 Configuring Startup with Interactive Key Activation
  • 9.3.3 Configuring Startup with Unattended Key Activation
  • 9.4 Emergency Situations
  • 9.4.1 If the File Containing the Activated Key is Damaged
  • 9.4.2 If the Database-Encryption Key File Is Required at Startup and Is Not Present
  • 9.5 Other Information
  • 9.5.1 Performance Information
  • 9.5.2 Encryption and Database-Related Caché Facilities
  • Chapter 10: 
     
  • 10.1 Basic Auditing Concepts
  • 10.1.1 Enabling or Disabling Auditing
  • 10.2 About Audit Events
  • 10.2.1 Elements of an Audit Event
  • 10.2.2 About System Audit Events
  • 10.2.3 Enabling and Disabling Optional System Events
  • 10.2.4 About User Events
  • 10.3 Managing Auditing and the Audit Database
  • 10.3.1 Viewing the Audit Database
  • 10.3.2 Copying, Exporting, and Purging the Audit Database
  • 10.3.3 Encrypting the Audit Database
  • 10.4 Other Issues
  • 10.4.1 Freezing Caché If There Can Be No Audit Log Writes
  • 10.4.2 About Counters
  • Chapter 11: 
     
  • 11.1 System Security Settings Page
  • 11.2 System-wide Security Parameters
  • 11.2.1 Protecting Sensitive Data in Memory Images
  • 11.3 Authentication Options
  • 11.4 Password Strength and Password Policies
  • 11.5 Protecting Caché Configuration Information
  • 11.6 Managing Caché Security Domains
  • 11.6.1 Single and Multiple Domains
  • 11.6.2 The Default Security Domain
  • 11.6.3 Listing, Editing, and Creating Domains
  • 11.7 Security Advisor
  • 11.7.1 Auditing
  • 11.7.2 Services
  • 11.7.3 Roles
  • 11.7.4 Users
  • 11.7.5 CSP, Privileged Routine, and Client Applications
  • 11.8 Effect of Changes
  • 11.9 Emergency Access
  • 11.9.1 Invoking Emergency Access Mode
  • 11.9.2 Emergency Access Mode Behavior
  • Chapter 12: 
     
  • 12.1 About Configurations
  • 12.1.1 Creating or Editing an SSL/TLS Configuration
  • 12.1.2 Deleting a Configuration
  • 12.2 Configuring a Client to Use SSL/TLS with a TCP Connection
  • 12.2.1 Opening a Secured TCP Connection from a Client
  • 12.2.2 Adding SSL/TLS to an Existing Connection
  • 12.3 Configuring a Server to Use SSL/TLS with a TCP Socket
  • 12.3.1 Establishing an SSL/TLS-secured Socket
  • 12.3.2 Adding SSL/TLS to an Existing Socket
  • Chapter 13: 
     
  • 13.1 Creating User-Defined Authentication Code
  • 13.1.1 Signature
  • 13.1.2 Authentication Code
  • 13.1.3 Setting Values for Roles and Other User Characteristics
  • 13.1.4 Return Value and Error Messages
  • 13.2 Setting Up Delegated Authentication
  • 13.3 After Authentication — The State of the System
  • Chapter 14: 
     
  • 14.1 Configuring Caché to Use an LDAP Server
  • 14.1.1 Searching the LDAP Database
  • 14.2 Setting Up LDAP-based Authentication
  • 14.3 After Authentication — The State of the System
  • Appendix A: 
     
  • Appendix B: 
     
  • B.1 Converting an Unencrypted Database to be Encrypted
  • B.2 Converting an Encrypted Database to be Unencrypted
  • B.3 Converting an Encrypted Database to Use a New Key