Chapter 4: Securing TDS Client Access
Open Server™ clients use the same security mechanisms when communicating with EAServer as regular Open Server applications except that EAServer does not support Kerberos or DCE. Open Server clients can also use EAServer supported OS based authentication. See “Configuring OS authentication”.
Open Server client security mechanisms include:
Login authentication services The fundamental security service is login authentication, or confirming that users are who they say they are. Login authentication involves user names and passwords. Users identify themselves by their user name, then supply their passwords as proof of their identity.
Data confidentiality – encrypts all transmitted data and assures that strangers cannot understand in-transit data.
Data integrity – detects attempts to tamper with in-transit data.
Data origin time stamping – assures that received data was really sent by the client or the server.
Replay detection – detects attempts by strangers to replay captured transmissions.
Sequence verification – detects transmissions that arrive in a different order than they were sent.
Channel binding – stamps each transmission with an encrypted description of the client’s and server’s addresses.
See the Open Client/Server documentation for detailed information about Open Server security.
For information about migrating your Open Server applications to EAServer, see Appendix B, “Migrating Open Server Applications to EAServer,” in the EAServer Programmer’s Guide.
|Copyright © 2005. Sybase Inc. All rights reserved.|