hello folks, I was wondering what companies typically do as far as encryption key protection practices. Basically, I would not like a dba or onsite consultant to provide a key every time a database is provided, and neither having that put in, "in the clear" is not an option, as far as a batch startup file.
thanks much, Cosmin
There may be some 'best practices' out there that others can report one. < Pls contribute and share, tnks. >
From the SQL Anywhere features you have a few features available to you . . . Encryption keys can be provided in @configuration files, and configuration files can be encrypted, and further the content of those files can be made conditional and specific to just, say, dbsrv and or dbeng and not able to be used to grant backdoor access to utilities (ie. forcing utilitiy users to know the key, for example). All being significant barriers individually and in combinations.
After that you can use system level security to prevent access to the directory and or the specific config file to uses other than for startup and admin purposes.