Encrypting table files
NexusDB ensures that your data files are secure by providing an extensible encryption framework. Utilizing the sub-engine architecture, any number of encryption sub-engines can be registered to encrypt your data files. Only one encryption sub-engine can be used per table. Each table can specify which encryption sub-engine it wishes to use within its data dictionary.
Different algorithms can be implemented within each sub-engine to find the best balance of encryption strength and speed for your application. NexusDB includes a default encryption sub-engine which utilizes the Blowfish algorithm, but you are free to implement different encryption algorithms.
NOTE: The need for different encryption engines should not be too great, since the default Blowfish engine accepts a password used as the encryption seed.
NOTE: There is no known back door to unlock a table that has been encrypted with the blowfish engine. If you encrypt tables, do not lose the password!
Secure data transmission
The Remoting Layer also supports encryption of the data that is sent across the network. Included is a transport wrapper that uses the Blowfish algorithm that encrypts or decrypts the stream for another transport. This wrapper tunnels through the attached transport. You may also implement your own encryption algorithm if you have specific security requirements.
In addition to the included encryption options, NexusDB is working closely with StreamSec, a specialized security vendor, to implement a wide variety of encryption capabilities. StreamSec has enhanced their StrSecII library for use with NexusDB. More information is available at StreamSec's website: http://www.streamsec.com.
Client access rights
NexusDB has an extensible security framework that is implemented by a security monitor. The default security monitor uses a user access policy that is controlled by three security token: Admin, Read and Write. Each user can have any combination of these tokens within the server. Each token has specific rights:
• | The Admin token enables users to restructure databases, modify aliases and perform general administrative tasks. |
• | The Write token grants permission for the user to add data to tables. |
• | The Read token permits viewing of the data. |
The combination of the Write and Read tokens enable modification to existing data within the tables. You may use the included security monitor or write your own to support intricate security policies. These can be based on the structure of the database as well as data stored within specific records.