Introduction
The Eloquence B.08.10 release improves on the solid foundation of the B.08.00 release
and supports the same 32-bit and 64-bit platforms and architectures.
It is installed in a separate location and may thus be used concurrently with previous
Eloquence versions.
It adds major enhancements to help securing sensitive data.
- Database encryption.
Sensitive information may be encrypted in the database.
This helps protecting database volume files, forward logs, as well as
dbstore output files or backups against unauthorized access to sensitive data.
Encryption keys may be updated periodically with no downtime.
- Item Level Security.
Sensitive information may be masked or blanked upon retrieval, depending on
the user authorization. This allows to enhance the security of
existing applications with no or
minimal code changes.
If you are working to meet the PCI DSS requirements or exploring
how to improve protection of sensitive information with a minimum of
changes to your application and procedures, you are likely interested
in this new functionality.
The item security enhancements are included in the Eloquence B.08.10
base version, the data encryption feature is available as an optional
add-on component.
Use of Eloquence B.08.10 is subject to the
Marxmeier Software AG Software License.
Downloading, installing or using the software implies agreeing to the license
terms and conditions.
New Features and Options
Item Level Security
The item level security functionality allows restricting access
on selected items at the database and/or dataset level, depending
on the access privileges of a database account.
This allows to enhance the security of existing applications
with no or minimal code changes.
A typical use would be to limit access on items with sensitive
information, such as credit card numbers, social security numbers
or salary figures to those database users that are member of a
dedicated security group, whereas all other users only get to
see empty or masked values when reading the respective item
contents.
Find details in the document (and section links) below:
Note: Enhanced item level security is part of the base product.
Database encryption
The Eloquence database encryption feature allows to designate fields
with sensitive contents for encrypted storage. It helps protecting
database volume files, forward logs, as well as dbstore output
files against unauthorized access to sensitive data.
Find details in the document (and section links) below:
Note: Encryption is an optional add-on requiring an extra license key.
User visible Changes
Please refer to the "New Features and Enhancements"
document for an overview of Eloquence B.08.10 enhancements in areas such as
database server, database client libraries, and database utilities.
Installation and Upgrade
Please refer to the Eloquence B.08.10 installation documents below
for an overview of Eloquence installation and platform specific details,
as well as information on updated License Keys.
The Eloquence B.08.10 configuration changes document
provides detailed information on configuration changes from previous Eloquence
releases.
Compatibility Notices
Eloquence B.08.10 is upwards compatible with previous Eloquence versions.
However, a database created with B.08.10 should not be used with previous Eloquence releases.
- Configuring and using item encryption requires an internal database
catalog table "syskey" that did not exist in previous versions of Eloquence.
For databases created on older Eloquence versions, it is necessary to upgrade
the catalog tables with the "upgrade database" command in dbutil before using
encryption.
Encrypted databases are not compatible to previous Eloquence versions.
Attempting to access data or an index that holds encrypted data with
a previous Eloquence version is likely to result in a server abort
or corrupted data. When encrypting data, the record size and layout
differs and previous Eloquence versions are currently not able to
detect this.
Recent patch levels of Eloquence B.08.00 and B.07.10 were improved
to detect encrypted databases and refuse to open them.
- Configuring and using item access rules requires an internal database
catalog table "sysitemproperty" that did not exist in previous versions of Eloquence.
For databases created on older Eloquence versions, it is necessary to upgrade the
catalog tables with the "upgrade database" command in dbutil before configuring any
item access rules is possible.
After upgrading the database catalog tables, such databases may no longer be fully
compatible with older Eloquence versions. Using the database volume files with an
older Eloquence version or transferring such a database to an older Eloquence version
with dbstore/dbrestore results in the item access rules being "ignored" by the older
server version (and potentially corrupting the item access rules if the database
structure is changed with an older server version).
Furthermore, the old dbdumpcat and dbutil programs may not be able to work with those
databases in all cases.
- When no encryption is used and no item access rules are used then a database
is expected to be backwards compatible with previous Eloquence versions.
- The internal format of the transaction journal has changed. A previous
server version cannot be used to recover a volume.
If a database server process is aborted, the volume is left in an "unclean"
status. Upon the next restart (or using the dblogreset utility) the volume set
is recovered from the transaction journal.
Acknowledgements
Eloquence B.08.10 includes or makes use of several third party and
open source projects. Details can be found in the following document:
|
