|
|
This document provides a list of enhancements and user visible changes
in Eloquence B.08.10, relative to the original B.08.00 release.
Contents:
Enhancements
-
The database server was enhanced to support item masking.
-
The database server was enhanced to support item encryption.
-
The server was enhanced to implicitly grant a DBA user
administrative capabilities on a database (DADMIN and DBPRIV
privileges).
As a consequence, the following behavior is changed:
Any user with DBA privileges may
- purge or erase any database
- dbstore or dbrestore any database
- perform a dbdumpcat on any database
- change the database structure
- change the database access rights
With previous server versions only the user that created a
database (or was granted administrative capabilities subsequently)
was able to perform these tasks. Other users, even with DBA
privileges would fail.
-
The "operator" user property was added. This may be used to
indicate user accounts permitted to perform operational tasks,
like starting and stopping online backup mode, switching forward
logs, performing dbstore and dbrestore, for example.
This allows to be more restrictive with administrative accounts.
-
Added support for user password modification timestamp.
The timestamp is updated when the user account is created or
the password is updated. With dbdumpcat it is returned in
the tspw column of the server sysuser table.
When starting the B.08.10 database server for the first time,
the server catalog is upgraded to support this column.
When the volume set is used with a previous Eloquence version
this additional column is ignored.
Other changes
-
The DBINFO mode 114 was added to allow obtaining field status.
DBINFO mode 114 is similar to DBINFO mode 104 but returns item
status information rather than item numbers. DBINFO mode 114
is available in both the image3k and the native client library.
However, it is currently not available in eloqcore. The returned
status information is bit encoded (per item) as indicated below:
- Bit 0 (0x1) - encrypted field
- Bit 0 is set if the field is stored on disk in encrypted format.
- Bit 1 (0x2) - encrypted content not available
- Bit 1 is set if an encryption key for the database is not available.
If this affects actual record, the field is blanked (if a string item)
or zeroed when read.
- Bit 2 (0x4) - item mask is defined
- Bit 2 is set if an item mask exists for this item, even if it does
not apply for the current user.
- Bit 3 (0x8) - item content is masked
- Bit 3 is set if an item mask affects information in this field (eg.
information is truncated or blanked).
Bit 0 and and bit 2 may be used by an application to understand
a field has sensitive information, so it should be handled with
extra care (eg. not included in application logs).
Bit 1 and bit 3 may be used to indicate the field content is
not available or only partially returned.
-
The DBUPDATE mode 2 (or DBUPDATE using the CIUPDATE flag for
image3k) on a master set was changed to return status 43:0
instead of -804:0 when a duplicate key item value is specified.
-
A DBOPEN of an encrypted database returns status -812:0 if one
or more master keys are unavailable.
-
The "dbctl encryption status" command may be used to display status
information about the server. It returns an error if the server does
not support encryption.
-
The HTTP status web pages include supplemental audit information
in the session status. This is useful, for example, if a connection
via ODBC provides additional information about the ODBC client side.
-
The HTTP status was enhanced to display additional information on the installed license
in the config web page.
-
The dbctl list command was enhanced. A filter expression may be specified and the /count
option may be used to only obtain the number of matching entries.
For example:
$ dbctl list session "pname=*query3k*"
$ dbctl list lock /count "status=blocked"
Please refer to the dbctl documentation for details.
-
The dbctl forwardlog status command no longer requires dba privileges.
-
When a dbutil ADD ITEM data set clause is used to add an item
of type P (packed) to a data set, the subsequent restructuring
process now initializes this new P item to unsigned zero.
Previously, a new P item was initialized to binary zero.
-
The HTTP status display has been enhanced and optional filter expressions similar
to the "dbctl list" command have been added (with update B.08.10.01).
Please refer to the HTTP status display documentation for details.
-
The dbctl dbkeyupdate function was enhanced (with update B.08.10.01)
to allow deleting data encryption keys from a database not using encryption.
|
|
|
|