Re: tough choices

From: Mark Townsend <markbtownsend_at_comcast.net>
Date: Fri, 25 Jun 2004 06:08:26 GMT
Message-ID: <40DBC168.3060704@comcast.net>

Ian wrote:

> 
> Can you list the specific security features that are provided with the
> base Oracle product that are missing from DB2 UDB for LUW?
>

I'm presuming DB2 has column encryption, roles, system and object privileges, GRANT/DENY privileges, basic auditing etc. So I think that leaves

Enterprise Users (password authenticated, requires an LDAP directory)
Schema Independent Users
Security Policies (policies attached to tables and views that determine what rows can be accessed based on information known about the user)
Secure Application Contexts (the afore mentioned user information, which cannot be spoofed)
Global Application Contexts (same again, this time shared across multiple connections)
Relevant Column Enforcement (applies security policy only when query accesses named columns)
Relevant Column Masking (all rows are returned, but relevant columns are masked (hidden) according to security policy)
Partitioned Fine Grained Access Control (allows multiple security policies to be applied to the same table, information about the user determines which policy is applied)
Proxy Authentication - allows a user identity on a client to be securely proxied through a middle tier, without the need for the middle tier to know the users security credentials (password etc).
Audit Policies (similar to security polcies, in that they are specific to what the user trys to access, and that they fire an audit event)
Audit trails that include what data the user saw at the time they performed the operation (uses Flashback if the row has since been changed, deleted, etc)
Administrator Audit Trails - an audit trail of what the DBA did that the DBA etc cannot see.
Proxied User Audit Trails - an audit trail that shows what a client did via a middle tier proxy.

Last but not least, 10 independent security certifications (over multiple releases).

Note that this is just the base EE product - the Advanced Security Option, and Label Security, extends this list of features (and certifications) even further. Received on Fri Jun 25 2004 - 01:08:26 CDT