Difference between revisions of "Securing Your Data"

From Recital Documentation Wiki
Jump to: navigation, search
(DES3 Encrypting Your Data)
(Table Constraints)
 
(41 intermediate revisions by one user not shown)
Line 1: Line 1:
 
==Securing Your Data==
 
==Securing Your Data==
===Protecting Data with Constraints===
 
 
===Controlling Access to Data===
 
===Controlling Access to Data===
===DES3 Encrypting Your Data===
+
The most basic level of database security is provided by the operating system.  Recital tables and indexes are individual files with their own respective operating system file permissions.  Read permission is required to open a table and write permission to update a table.  If a user does not have read permission they are denied access. Without write permission, a table will be opened read-only.
  
 +
Here the owner, ''root'', and members of the ''recital'' group have write permission, so can update the example table unless additional protection applies.  Other users can open the example table read-only.
  
 +
<pre>
 +
# ls -l example*
 +
-rwxrwxr-x    1 root    recital        147 Nov 29 14:27 example.dbd
 +
-rwxrwxr-x    1 root    recital    41580 Nov 29 14:27 example.dbf
 +
-rwxrwxr-x    1 root    recital    13312 Nov 29 14:28 example.dbt
 +
-rwxrwxr-x    1 root    recital    19456 Nov 29 14:28 example.dbx
 +
</pre>
  
 +
Note: As in the example above, a table's associated files
 +
should have the same permissions as the table itself:
  
the ability to encrypt the data held in  
+
{| class="wikitable"
Recital database tables.  Once a database table has been encrypted,  
+
!File Extension||File Type
the data cannot be accessed unless the correct three-part encryption  
+
|-
key is specified, providing additional security for sensitive data.
+
|.dbd||Dictionary
 +
|-
 +
|.dbf||Table
 +
|-
 +
|.dbt||Memo
 +
|-
 +
|.dbx||Index
 +
|-
 +
|}
 +
 
 +
====Security====
 +
Operating System permissions can be further refined, while still using the Operating System user and group IDs, in the Security and Protection sections of the Dictionary.  The Security section handles table based operations and the Protection section focuses on individual fields.
 +
 
 +
Security and Protection rules can be defined using the [[GRANT|grant]] and [[REVOKE|revoke]] statements and are based on Access Control Strings.  An Access Control String (ACS) is a range of valid user identification codes, and is used to restrict table operations to certain individuals or groups.  A user identification code is the combination of group and user numbers. When constructing an Access Control String of linked user identification codes, wild card characters may be used.
 +
 
 +
{| class="wikitable"
 +
!Example ACS||Description
 +
|-
 +
|[1,2]||In group 1, user 2
 +
|-
 +
|[100,*]||In group 100, all users
 +
|-
 +
|[2-7,*]||In groups 2-7, all users
 +
|-
 +
|[*,100-200]||In all groups, users 100-200
 +
|-
 +
|[1,*]&amp;[2-7,1-7]||In group 1, all users, in groups 2-7, users 1-7
 +
|}
 +
 
 +
The maximum ACS length is 254 characters.
 +
 
 +
Access Control Strings may be associated with the following operations:
 +
 
 +
{| class="wikitable"
 +
!Operation||Description
 +
|-
 +
|select||Users specified in the ACS may name any column in a select statement. All other users have update access.
 +
|-
 +
|update||Users specified in the ACS can update rows in the table.  All other users are restricted to read-only access.
 +
|-
 +
|insert||Users specified in the ACS can insert rows into the table.  No other users can insert.
 +
|-
 +
|delete||Users specified in the ACS can delete rows from the table. No other users can delete.
 +
|-
 +
|alter||Users specified in the ACS can use the alter table statement on this table.
 +
|-
 +
|copy||Users specified in the ACS can copy records from the table.  No other users can copy.
 +
|-
 +
|readonly||Users specified in the ACS may read any column in a select statement. All other users have update access.
 +
|-
 +
|}
 +
 
 +
<code lang="recital">
 +
// Grant insert privilege for the customer table
 +
open database southwind
 +
grant insert on customers to "[20,100]"
 +
 +
// Grant all privileges to all users
 +
open database southwind
 +
grant all on shippers to public
 +
</code>
 +
 
 +
====Protection====
 +
Like Security rules, Protection rules can be defined using the [[GRANT|grant]] and [[REVOKE|revoke]] statements and are based on Access Control Strings. 
 +
 
 +
{| class="wikitable"
 +
!Operation||Description
 +
|-
 +
|select||Users specified in the ACS may name the column in a select statement. All other users have update access.
 +
|-
 +
|update||Users specified in the ACS may name the column in an update statement.  All other users are restricted to read-only access.
 +
|-
 +
|readonly||Users specified in the ACS may read the column in a select statement. All other users have update access.
 +
|-
 +
|}
 +
 
 +
<code lang="recital">
 +
// Grant update privilege for columns lastname and firstname from the customer table
 +
open database southwind
 +
grant update (lastname, firstname) on customers TO "[20,100]"
 +
</code>
 +
 
 +
===Protecting Data with Constraints===
 +
====Column Constraints====
 +
The Dictionary column constraints either prevent the entry of incorrect data, e.g. must_enter and validation or aid the entry of correct data, e.g. default, picture and choicelist.
 +
 
 +
The [[SQL Constraints|column constraints]] are as follows:
 +
 
 +
{| class="wikitable"
 +
!Constraint||Description
 +
|-
 +
|auto_increment | autoinc||Used to auto increment the value of a column.
 +
|-
 +
|calculated||Used to calculate the value of a column.
 +
|-
 +
|check | set check||Used to validate a change to the value of a column.
 +
|-
 +
|default||Used to set a default value for the specified column.
 +
|-
 +
|description||Used set the column description for the specified column.
 +
|-
 +
|error||Used to define an error message to be displayed when a validation check fails.
 +
|-
 +
|not null | null||Used to disallow/allow null values.
 +
|-
 +
|range||Used to specify minimum and maximum values for a date or numerical column.
 +
|-
 +
|recalculate||Used to force recalculation of calculated columns when a column&#146;s value changes.
 +
|-
 +
|references||Used to create a relationship to an index key of another table.
 +
|-
 +
|}
 +
 
 +
These can be specified in [[CREATE TABLE|create table]] or [[ALTER TABLE|alter table]] statements:
 +
 
 +
'''Example'''
 +
 
 +
<code lang="recital">
 +
open database southwind
 +
alter table customers;
 +
  add column timeref char(8);
 +
  check validtime(timeref);
 +
  error "Not a valid time string"
 +
</code>
 +
 
 +
====Table Constraints====
 +
Table Constraints allow event-driven procedures to be called before an I/O operation.  These can be used to introduce another layer of checks before a particular operation is permitted to take place or to simply set up logging of that operation.
 +
 
 +
The following table constraints may be applied in the [[CREATE TABLE|create table]] and [[ALTER TABLE|alter table]] statements:
 +
 
 +
{| class="wikitable"
 +
!Constraint||Description
 +
|-
 +
|onupdate||The specified procedure is called prior to an [[SQL UPDATE|update]] operation on the table. If the procedure returns false (.F.), then the update is canceled.
 +
|-
 +
|ondelete||The specified procedure is called prior to a [[SQL DELETE|delete]] operation on the table. If the procedure returns false (.F.), then the delete is canceled.
 +
|-
 +
|oninsert||The specified procedure is called prior to an [[SQL INSERT|insert]] operation on the table. If the procedure returns false (.F.), then the insert is canceled.
 +
|-
 +
|onopen||The specified procedure is called after an open operation on the table.
 +
|-
 +
|onclose||The specified procedure is called prior to a close operation on the table.
 +
|-
 +
|onrollback||The specified procedure is called when a user presses the escape key in a forms based operation.
 +
|}
 +
 
 +
'''Examples'''
 +
<code lang="recital">
 +
open database southwind
 +
alter table customers modify onupdate "p_update"
 +
alter table customers modify ondelete "p_delete"
 +
alter table customers modify oninsert "p_insert"
 +
alter table customers modify onopen "p_open"
 +
alter table customers modify onclose "p_close"
 +
alter table customers modify onrollback "p_rollback"
 +
</code>
 +
 
 +
The ''check'' constraint and its associated ''error'' constraint can also be defined at table level.
 +
 
 +
{| class="wikitable"
 +
!Constraint||Description
 +
|-
 +
|check | set check||Logical expression validated when an operation to insert, update or delete records in the table is called.
 +
|-
 +
|error||Used to define an error message to be displayed when a validation check fails.
 +
|}
 +
 
 +
'''Examples'''
 +
<code lang="recital">
 +
open database southwind
 +
alter table customers add check callauth();
 +
  error "Not authorized"
 +
</code>
 +
 
 +
===DES3 Encrypting Your Data===
 +
Recital gives you the ability to encrypt the data held in Recital tables.  Once a table has been encrypted, the data cannot be accessed unless the correct three-part encryption key is specified, providing additional security for sensitive data.
  
 
* [[ENCRYPT|encrypt]]
 
* [[ENCRYPT|encrypt]]
The ENCRYPT command is used to encrypt the data  
+
 
in the specified table or tables matching a skeleton. If the skeleton  
+
<pre>
syntax is used, then all matching tables will be given the same  
+
encrypt <tablename as character> | <skeleton as character> key <key as character>
encryption key. The encryption key is a three part comma-separated  
+
</pre>
key and may optionally be enclosed in angled brackets. Each part  
+
 
of the key can be a maximum of 8 characters. The key is DES3 encrypted  
+
The ''encrypt'' command is used to encrypt the data in the specified table or tables matching a skeleton. If the skeleton syntax is used, then all matching tables will be given the same encryption key. The encryption key is a three part comma-separated key and may optionally be enclosed in angled brackets. Each part of the key can be a maximum of 8 characters. The key is DES3 encrypted and stored in a ''.dkf'' file with the same basename as the table. After encryption, the three parts of the key must be specified correctly before the table can be accessed.  
and stored in a .dkf file with the same basename as the table. After  
+
encryption, the three parts of the key must be specified correctly  
+
before the table can be accessed.  
+
  
 
<code lang="recital">
 
<code lang="recital">
Line 33: Line 214:
  
 
* [[SET ENCRYPTION|set encryption]]
 
* [[SET ENCRYPTION|set encryption]]
If a database table is encrypted, the correct three-part encryption
 
key must be specified before the table's data or structure can be
 
accessed.  The SET ENCRYPTION TO set command can be used to specify
 
a default encryption key to be used whenever an encrypted table
 
is accessed without the key being specified. The encryption key
 
is a three part comma-separated key.
 
  
If the command to access the table includes the key, either by  
+
<pre>
appending it to the table filename specification or using an explicit  
+
set encryption to [<key as character>]
clause, this will take precedence over the key defined by SET ENCRYPTION
+
set encryption on | off
TO.
+
</pre>
Issuing SET ENCRYPTION TO without a key causes any previous setting  
+
 
to be cleared. The key must then be specified for each individual  
+
If a database table is encrypted, the correct three-part encryption key must be specified before the table's data or structure can be accessed.  The ''set encryption to'' set command can be used to specify a default encryption key to be used whenever an encrypted table is accessed without the key being specified. The encryption key is a three part comma-separated key.
encrypted table.
+
 
The default key defined by SET ENCRYPTION is only active when SET
+
If the command to access the table includes the key, either by appending it to the table filename specification or using an explicit clause, this will take precedence over the key defined by ''set encryption to''.
ENCRYPTION is ON. SET ENCRYPTION OFF can be used to temporarily  
+
Issuing ''set encryption to'' without a key causes any previous setting to be cleared. The key must then be specified for each individual encrypted table.
disable the default key. The SET ENCRYPTION ON | OFF setting does  
+
 
not change the default key itself. SET ENCRYPTION is ON by default.
+
The default key defined by ''set encryption to'' is only active when ''set encryption'' is ''on''. ''Set encryption off'' can be used to temporarily disable the default key. The ''set encryption on | off'' setting does not change the default key itself. ''Set encryption'' is ''on'' by default.
  
 
<code lang="recital">
 
<code lang="recital">
 
// Encrypt individual tables
 
// Encrypt individual tables
encrypt customers key "key_1,key_2,key_3";
+
encrypt customers key "key_1,key_2,key_3"
 
encrypt shippers key "key_2,key_3,key_4"
 
encrypt shippers key "key_2,key_3,key_4"
 
// Specify a default encryption key
 
// Specify a default encryption key
 
set encryption to "key_1,key_2,key_3"
 
set encryption to "key_1,key_2,key_3"
 
// Open customers table using the default encryption key
 
// Open customers table using the default encryption key
 
 
use customers
 
use customers
 
// Specify shippers table's encryption key
 
// Specify shippers table's encryption key
Line 71: Line 245:
  
 
* [[DECRYPT|decrypt]]
 
* [[DECRYPT|decrypt]]
The DECRYPT command is used to decrypt the data in the specified  
+
 
table or tables matching a skeleton. The specified key must contain  
+
<pre>
the three part comma-separated key used to previously encrypt the  
+
encrypt <tablename as character> | <skeleton as character> key <key as character>
table and may optionally be enclosed in angled brackets. The skeleton  
+
</pre>
syntax can only be used if all tables matching the skeletonhave
+
 
the same key.
+
The ''decrypt'' command is used to decrypt the data in the specified table or tables matching a skeleton. The specified key must contain the three part comma-separated key used to previously encrypt the table and may optionally be enclosed in angled brackets. The skeleton syntax can only be used if all tables matching the skeleton have the same key.
The DECRYPT command decrypts the data and removes the table's .dkf  
+
 
file.  After decryption, the key need no longer be specified to  
+
The ''decrypt'' command decrypts the data and removes the table's '.dkf'' file.  After decryption, the key need no longer be specified to gain access to the table.
gain access to the table.
+
  
 
<code lang="recital">
 
<code lang="recital">
Line 91: Line 264:
  
 
All of the following commands are affected when a table is encrypted:
 
All of the following commands are affected when a table is encrypted:
* [[APPEND FROM|append from]]
 
* [[COPY FILE|copy file]]
 
* [[COPY STRUCTURE|copy structure]]
 
* [[COPY|copy]]
 
* [[DIR|dir]]
 
* [[USE|use]]
 
* [[SQL INSERT|SQL insert]]
 
* [[SQL SELECT|SQL select]]
 
* [[SQL UPDATE|SQL update]]
 
  
APPEND FROM
+
* [[APPEND FROM|append from]] - append records to the active table from another table
Used to append records to the active table from another table.
+
  
 
<code lang="recital">
 
<code lang="recital">
Line 111: Line 274:
 
</code>
 
</code>
  
COPY FILE
+
* [[COPY FILE|copy file]] - copy a file
Used to copy a file.
+
  
 
<code lang="recital">
 
<code lang="recital">
Line 123: Line 285:
 
</code>
 
</code>
  
COPY STRUCTURE
+
* [[COPY STRUCTURE|copy structure]] - copy a table's structure to a new table
Used to copy a table's structure to a new table.
+
  
 
<code lang="recital">
 
<code lang="recital">
Line 135: Line 296:
 
</code>
 
</code>
  
COPY
+
* [[COPY|copy]] - copy a table
Used to copy a table.
+
  
 
<code lang="recital">
 
<code lang="recital">
Line 142: Line 302:
 
// source table and the target table encrypted with the same key
 
// source table and the target table encrypted with the same key
 
encrypt customers key "key_1,key_2,key_3"
 
encrypt customers key "key_1,key_2,key_3"
 
 
use customers encryption "key_1,key_2,key_3"
 
use customers encryption "key_1,key_2,key_3"
 
copy to newcustomers
 
copy to newcustomers
 
use newcustomers encryption "key_1,key_2,key_3"
 
use newcustomers encryption "key_1,key_2,key_3"
 
 
// You can also create a copy with a different key
 
// You can also create a copy with a different key
 
encrypt customers key "key_1,key_2,key_3"
 
encrypt customers key "key_1,key_2,key_3"
 
use customers encryption "key_1,key_2,key_3"
 
use customers encryption "key_1,key_2,key_3"
 
copy to newcustomers encrypt "newkey_1,newkey_2,newkey_3"
 
copy to newcustomers encrypt "newkey_1,newkey_2,newkey_3"
 
 
use newcustomers encryption "newkey_1,newkey_2,newkey_3"
 
use newcustomers encryption "newkey_1,newkey_2,newkey_3"
 
 
// Or create a decrypted copy
 
// Or create a decrypted copy
 
encrypt customers key "key_1,key_2,key_3";
 
encrypt customers key "key_1,key_2,key_3";
Line 159: Line 315:
 
copy to newcustomers decrypt
 
copy to newcustomers decrypt
 
use newcustomers
 
use newcustomers
 
 
// You can also create an encrypted copy of a non-encrypted source table
 
// You can also create an encrypted copy of a non-encrypted source table
 
use orders
 
use orders
Line 166: Line 321:
 
</code>
 
</code>
  
DIR
+
* [[DIR|dir]] - display a directory listing of tables
Used to display a directory listing of tables.
+
  
 
<code lang="recital">
 
<code lang="recital">
Line 177: Line 331:
 
<pre>
 
<pre>
 
Current database: southwind
 
Current database: southwind
Tables           # Records   Last Update   Size Dictionary Triggers Security
+
Tables # Records Last Update Size Dictionary Triggers Security
categories.dbf           8   01/10/06    24576 None       None     None
+
categories.dbf 8 01/10/09 24576 None None None
cisamdemo.dbf       ---> CISAM/Bridge       [cisamdemo]
+
cisamdemo.dbf ---> CISAM/Bridge [cisamdemo]
customers.dbf (DES3)     91   05/12/04    49600 None       None     None
+
customers.dbf (DES3) 91 05/12/09 49600 None None None
employees.dbf             9   05/12/04    25520 None       None     None
+
employees.dbf 9 05/12/09 25520 None None None
example.dbf  (DES3)   100   12/24/05    38080 Yes       Yes     None
+
example.dbf  (DES3) 100 12/24/09 38080 Yes Yes None
order_details.dbf     2155   05/12/04    296320 None       None     None
+
order_details.dbf 2155 05/12/09 296320 None None None
orders.dbf             829   05/12/04    232704 None       None     None
+
orders.dbf 829 05/12/09 232704 None None None
products.dbf             77   05/12/04    37112 None       None     None
+
products.dbf 77 05/12/09 37112 None None None
productsbyname.dbf       77   05/12/04    29104 None       None     None
+
productsbyname.dbf 77 05/12/09 29104 None None None
shippers.dbf  (DES3)     3   05/12/04    20864 None       None     None
+
shippers.dbf  (DES3) 3 05/12/09 20864 None None None
suppliers.dbf           29   12/08/05    29992 Yes       None     None
+
suppliers.dbf 29 12/08/09 29992 Yes None None
  
 
   0.765 MB in 11 files.
 
   0.765 MB in 11 files.
Line 194: Line 348:
 
</pre>
 
</pre>
  
USE
+
* [[USE|use]] - open a table
Used to open a table.
+
  
 
<code lang="recital">
 
<code lang="recital">
Line 210: Line 363:
 
</code>
 
</code>
  
SQL INSERT
+
* [[SQL INSERT|SQL insert]] - add a row to a table
Used to add a row to a table via SQL.
+
  
 
<code lang="recital">
 
<code lang="recital">
 
// The three part key can be specified using a
 
// The three part key can be specified using a
 
// default encryption key before opening the table
 
// default encryption key before opening the table
exec sql
+
open database southwind
  OPEN DATABASE southwind;
+
set encryption to "key_1,key_2,key_3"
exec sql
+
insert into customers;
  SET ENCRYPTION TO "key_1,key_2,key_3"
+
   (customerid, companyname);
exec sql
+
   values ("RECIT","Recital Corporation")
  INSERT INTO customers
+
   (customerid, companyname)
+
   VALUES
+
  ('RECIT','Recital Corporation');
+
 
+
 
// Or by appending the key to the filename
 
// Or by appending the key to the filename
 
+
open database southwind
exec sql
+
insert into customers<key_1,key_2,key_3>;
  OPEN DATABASE southwind;
+
   (customerid, companyname);
exec sql
+
   values ("RECIT","Recital Corporation")
  INSERT INTO customers<key_1,key_2,key_3>
+
   (customerid, companyname)
+
   VALUES
+
  ('RECIT','Recital Corporation');
+
 
</code>
 
</code>
  
SQL SELECT
+
* [[SQL SELECT|SQL select]] - return data from a table or tables
Used to return data from a table via SQL.
+
  
 
<code lang="recital">
 
<code lang="recital">
 
// The three part key can be specified using a
 
// The three part key can be specified using a
 
// default encryption key before opening the table
 
// default encryption key before opening the table
exec sql
+
open database southwind
  OPEN DATABASE southwind;
+
set encryption to "key_1,key_2,key_3"
exec sql
+
select * from customers
  SET ENCRYPTION TO "key_1,key_2,key_3";
+
exec sql
+
  SELECT * FROM customers;
+
 
// Or by appending the key to the filename
 
// Or by appending the key to the filename
 +
open database southwind
 +
select * from customers<key_1,key_2,key_3>
 +
</code>
  
exec sql
+
* [[SQL UPDATE|SQL update]] - update data in a table
  OPEN DATABASE southwind;
+
exec sql
+
  SELECT * FROM customers<key_1,key_2,key_3>;
+
 
+
SQL UPDATE
+
Used to update data in a table via SQL.
+
  
 
<code lang="recital">
 
<code lang="recital">
 
// The three part key can be specified using a
 
// The three part key can be specified using a
 
// default encryption key before opening the table
 
// default encryption key before opening the table
exec sql
+
open database southwind
  OPEN DATABASE southwind;
+
set encryption to "key_1,key_2,key_3"
exec sql
+
update customers;
  SET ENCRYPTION TO "key_1,key_2,key_3";
+
   set companyname="Recital Corporation Inc.";
exec sql
+
   where customerid="RECIT"
  UPDATE customers
+
   SET companyname='Recital Corporation Inc.'
+
   WHERE customerid='RECIT';
+
 
// Or by appending the key to the filename
 
// Or by appending the key to the filename
exec sql
+
open database southwind
  OPEN DATABASE southwind;
+
update customers<key_1,key_2,key_3>;
exec sql
+
   set companyname="Recital Corporation Inc.";
  UPDATE customers<key_1,key_2,key_3>
+
   where customerid="RECIT"
 
+
   SET companyname='Recital Corporation Inc.'
+
   WHERE customerid='RECIT';
+
 
+
 
</code>
 
</code>

Latest revision as of 12:12, 26 January 2010

Securing Your Data

Controlling Access to Data

The most basic level of database security is provided by the operating system. Recital tables and indexes are individual files with their own respective operating system file permissions. Read permission is required to open a table and write permission to update a table. If a user does not have read permission they are denied access. Without write permission, a table will be opened read-only.

Here the owner, root, and members of the recital group have write permission, so can update the example table unless additional protection applies. Other users can open the example table read-only.

# ls -l example*
-rwxrwxr-x    1 root     recital        147 Nov 29 14:27 example.dbd
-rwxrwxr-x    1 root     recital     41580 Nov 29 14:27 example.dbf
-rwxrwxr-x    1 root     recital     13312 Nov 29 14:28 example.dbt
-rwxrwxr-x    1 root     recital     19456 Nov 29 14:28 example.dbx

Note: As in the example above, a table's associated files should have the same permissions as the table itself:

File Extension File Type
.dbd Dictionary
.dbf Table
.dbt Memo
.dbx Index

Security

Operating System permissions can be further refined, while still using the Operating System user and group IDs, in the Security and Protection sections of the Dictionary. The Security section handles table based operations and the Protection section focuses on individual fields.

Security and Protection rules can be defined using the grant and revoke statements and are based on Access Control Strings. An Access Control String (ACS) is a range of valid user identification codes, and is used to restrict table operations to certain individuals or groups. A user identification code is the combination of group and user numbers. When constructing an Access Control String of linked user identification codes, wild card characters may be used.

Example ACS Description
[1,2] In group 1, user 2
[100,*] In group 100, all users
[2-7,*] In groups 2-7, all users
[*,100-200] In all groups, users 100-200
[1,*]&[2-7,1-7] In group 1, all users, in groups 2-7, users 1-7

The maximum ACS length is 254 characters.

Access Control Strings may be associated with the following operations:

Operation Description
select Users specified in the ACS may name any column in a select statement. All other users have update access.
update Users specified in the ACS can update rows in the table. All other users are restricted to read-only access.
insert Users specified in the ACS can insert rows into the table. No other users can insert.
delete Users specified in the ACS can delete rows from the table. No other users can delete.
alter Users specified in the ACS can use the alter table statement on this table.
copy Users specified in the ACS can copy records from the table. No other users can copy.
readonly Users specified in the ACS may read any column in a select statement. All other users have update access.
// Grant insert privilege for the customer table
open database southwind
grant insert on customers to "[20,100]" 
 
// Grant all privileges to all users
open database southwind
grant all on shippers to public

Protection

Like Security rules, Protection rules can be defined using the grant and revoke statements and are based on Access Control Strings.

Operation Description
select Users specified in the ACS may name the column in a select statement. All other users have update access.
update Users specified in the ACS may name the column in an update statement. All other users are restricted to read-only access.
readonly Users specified in the ACS may read the column in a select statement. All other users have update access.
// Grant update privilege for columns lastname and firstname from the customer table
open database southwind
grant update (lastname, firstname) on customers TO "[20,100]"

Protecting Data with Constraints

Column Constraints

The Dictionary column constraints either prevent the entry of incorrect data, e.g. must_enter and validation or aid the entry of correct data, e.g. default, picture and choicelist.

The column constraints are as follows:

Constraint Description
autoinc Used to auto increment the value of a column.
calculated Used to calculate the value of a column.
set check Used to validate a change to the value of a column.
default Used to set a default value for the specified column.
description Used set the column description for the specified column.
error Used to define an error message to be displayed when a validation check fails.
null Used to disallow/allow null values.
range Used to specify minimum and maximum values for a date or numerical column.
recalculate Used to force recalculation of calculated columns when a column’s value changes.
references Used to create a relationship to an index key of another table.

These can be specified in create table or alter table statements:

Example

open database southwind
alter table customers;
  add column timeref char(8);
  check validtime(timeref);
  error "Not a valid time string"

Table Constraints

Table Constraints allow event-driven procedures to be called before an I/O operation. These can be used to introduce another layer of checks before a particular operation is permitted to take place or to simply set up logging of that operation.

The following table constraints may be applied in the create table and alter table statements:

Constraint Description
onupdate The specified procedure is called prior to an update operation on the table. If the procedure returns false (.F.), then the update is canceled.
ondelete The specified procedure is called prior to a delete operation on the table. If the procedure returns false (.F.), then the delete is canceled.
oninsert The specified procedure is called prior to an insert operation on the table. If the procedure returns false (.F.), then the insert is canceled.
onopen The specified procedure is called after an open operation on the table.
onclose The specified procedure is called prior to a close operation on the table.
onrollback The specified procedure is called when a user presses the escape key in a forms based operation.

Examples

open database southwind
alter table customers modify onupdate "p_update"
alter table customers modify ondelete "p_delete"
alter table customers modify oninsert "p_insert"
alter table customers modify onopen "p_open"
alter table customers modify onclose "p_close"
alter table customers modify onrollback "p_rollback"

The check constraint and its associated error constraint can also be defined at table level.

Constraint Description
set check Logical expression validated when an operation to insert, update or delete records in the table is called.
error Used to define an error message to be displayed when a validation check fails.

Examples

open database southwind
alter table customers add check callauth(); 
  error "Not authorized"

DES3 Encrypting Your Data

Recital gives you the ability to encrypt the data held in Recital tables. Once a table has been encrypted, the data cannot be accessed unless the correct three-part encryption key is specified, providing additional security for sensitive data.

encrypt <tablename as character> | <skeleton as character> key <key as character>

The encrypt command is used to encrypt the data in the specified table or tables matching a skeleton. If the skeleton syntax is used, then all matching tables will be given the same encryption key. The encryption key is a three part comma-separated key and may optionally be enclosed in angled brackets. Each part of the key can be a maximum of 8 characters. The key is DES3 encrypted and stored in a .dkf file with the same basename as the table. After encryption, the three parts of the key must be specified correctly before the table can be accessed.

// Encrypt individual tables
encrypt customers key "key_1,key_2,key_3"
encrypt employees key "<key_1,key_2,key_3>"
 
// Encrypt all .dbf files in the directory
encrypt *.dbf key "key_1,key_2,key_3"
set encryption to [<key as character>]
set encryption on | off

If a database table is encrypted, the correct three-part encryption key must be specified before the table's data or structure can be accessed. The set encryption to set command can be used to specify a default encryption key to be used whenever an encrypted table is accessed without the key being specified. The encryption key is a three part comma-separated key.

If the command to access the table includes the key, either by appending it to the table filename specification or using an explicit clause, this will take precedence over the key defined by set encryption to. Issuing set encryption to without a key causes any previous setting to be cleared. The key must then be specified for each individual encrypted table.

The default key defined by set encryption to is only active when set encryption is on. Set encryption off can be used to temporarily disable the default key. The set encryption on | off setting does not change the default key itself. Set encryption is on by default.

// Encrypt individual tables
encrypt customers key "key_1,key_2,key_3"
encrypt shippers key "key_2,key_3,key_4"
// Specify a default encryption key
set encryption to "key_1,key_2,key_3"
// Open customers table using the default encryption key
use customers
// Specify shippers table's encryption key
use shippers<key_2,key_3,key_4>
// Disable the default encryption key
set encryption to
// Specify the individual encryption keys
use customers encryption "key_1,key_2,key_3"
use shippers<key_2,key_3,key_4>
encrypt <tablename as character> | <skeleton as character> key <key as character>

The decrypt command is used to decrypt the data in the specified table or tables matching a skeleton. The specified key must contain the three part comma-separated key used to previously encrypt the table and may optionally be enclosed in angled brackets. The skeleton syntax can only be used if all tables matching the skeleton have the same key.

The decrypt command decrypts the data and removes the table's '.dkf file. After decryption, the key need no longer be specified to gain access to the table.

// Decrypt individual tables
decrypt customers key "key_1,key_2,key_3"
decrypt employees key "<key_1,key_2,key_3>"
 
// Decrypt all .dbf files in the directory
decrypt *.dbf key "key_1,key_2,key_3"

All of the following commands are affected when a table is encrypted:

  • append from - append records to the active table from another table
// The key must be specified for an encrypted source table
use mycustomers
append from customers encryption "key_1,key_2,key_3";
for country = "UK"
// The key file must also be copied for an encrypted source table
// as the target table will be encrypted
encrypt customers key "key_1,key_2,key_3"
copy file customers.dbf to newcustomers.dbf
copy file customers.dkf to newcustomers.dkf
use newcustomers encryption "key_1,key_2,key_3"
// The key file is automatically copied for an encrypted source table
// and the target table encrypted
encrypt customers key "key_1,key_2,key_3"
use customers encryption "key_1,key_2,key_3"
copy structure to blankcust
use blankcust encryption "key_1,key_2,key_3"
  • copy - copy a table
// By default, the key file is automatically copied for an encrypted
// source table and the target table encrypted with the same key
encrypt customers key "key_1,key_2,key_3"
use customers encryption "key_1,key_2,key_3"
copy to newcustomers
use newcustomers encryption "key_1,key_2,key_3"
// You can also create a copy with a different key
encrypt customers key "key_1,key_2,key_3"
use customers encryption "key_1,key_2,key_3"
copy to newcustomers encrypt "newkey_1,newkey_2,newkey_3"
use newcustomers encryption "newkey_1,newkey_2,newkey_3"
// Or create a decrypted copy
encrypt customers key "key_1,key_2,key_3";
use customers encryption "key_1,key_2,key_3"
copy to newcustomers decrypt
use newcustomers
// You can also create an encrypted copy of a non-encrypted source table
use orders
copy to encorders encrypt "newkey_1,newkey_2,newkey_3"
use encorders encryption "newkey_1,newkey_2,newkey_3"
  • dir - display a directory listing of tables
// Encrypted tables are flagged as such with (DES3)
open database southwind
dir
Current database: southwind
Tables		# Records		Last Update	Size		Dictionary	Triggers	Security
categories.dbf		8		01/10/09		24576	None		None		None
cisamdemo.dbf	--->	CISAM/Bridge	[cisamdemo]
customers.dbf (DES3)	91		05/12/09		49600	None		None		None
employees.dbf		9		05/12/09		25520	None		None		None
example.dbf   (DES3)	100		12/24/09		38080	Yes		Yes		None
order_details.dbf		2155		05/12/09		296320	None		None		None
orders.dbf			829		05/12/09		232704  	None		None		None
products.dbf		77		05/12/09		37112  	None		None		None
productsbyname.dbf	77		05/12/09		29104  	None		None		None
shippers.dbf  (DES3)	3		05/12/09		20864  	None		None		None
suppliers.dbf		29		12/08/09		29992  	Yes		None		None

   0.765 MB in 11 files.
   1.093 GB remaining on drive.
  • use - open a table
// The three part key must be specified to open an
// encrypted table.  All of the following are valid.
// 1. Specifying a default encryption key before opening the table
set encryption to "key_1,key_2,key_3"
use customers
// 2. Appending the key to the filename
use customers<key_1,key_2,key_3>
// 3. Using the ENCRYPTION clause, optionally specifying angled brackets
use customers encryption "key_1,key_2,key_3"
use customers encryption "<key_1,key_2,key_3>"
// The three part key can be specified using a
// default encryption key before opening the table
open database southwind
set encryption to "key_1,key_2,key_3"
insert into customers;
  (customerid, companyname);
  values ("RECIT","Recital Corporation")
// Or by appending the key to the filename
open database southwind
insert into customers<key_1,key_2,key_3>;
  (customerid, companyname);
  values ("RECIT","Recital Corporation")
// The three part key can be specified using a
// default encryption key before opening the table
open database southwind
set encryption to "key_1,key_2,key_3"
select * from customers
// Or by appending the key to the filename
open database southwind
select * from customers<key_1,key_2,key_3>
// The three part key can be specified using a
// default encryption key before opening the table
open database southwind
set encryption to "key_1,key_2,key_3"
update customers;
  set companyname="Recital Corporation Inc.";
  where customerid="RECIT"
// Or by appending the key to the filename
open database southwind
update customers<key_1,key_2,key_3>;
  set companyname="Recital Corporation Inc.";
  where customerid="RECIT"