Question & Answer
Question
What are the choices for setting up authentication protection and using encrypted data with Informix Dynamic Server?
Cause
You can use a Communication Support Module (CSM) to encrypt data transmissions, including distributed queries, over the network, or Secure Sockets Layer (SSL) communications to encrypt data in end-to-end, secure TCP/IP and DRDA connections between two points over a network.
As an alternative, users can be authenticated at connection time. Connection authentication is less optimal, since security is determined by the module used for the authentication. After authentication, a user can specify a database to connect to, and has access to database objects based on authorization by the DBA.
The connection authentication alternatives are:
- OS Lookup: If an encrypted connection and encrypted data transmission are not needed, the default method for an Informix connection is to provide a valid user ID and an authentication token (usually a password) that match the credentials of a user account on the Informix host computer operating system (OS). The most frequent authentication method is based on OS look-up, in which a user ID and password pair are passed directly to the OS for verification.
- Pluggable Authentication Modules (PAM) can be used with Informix systems running on UNIX or Linux. In this case, the developer would use a module to implement an alternative authentication mechanism that is designed as a part of a specific application.
- Lightweight Directory Access Protocol (LDAP) Authentication Support for Windows can be used by way of the LDAP Authentication Support module. The user is authenticated by way of a Windows LDAP server.
Authentication Modules: Connection authentication can be configured using authentication modules.
Answer
Considerations for CSM:
- You cannot use an encryption CSM and a simple password CSM simultaneously.
- You cannot use either simple password CSM or encryption CSM over a multiplexed connection.
- Enterprise Replication and high-availability clusters (High-Availability Data Replication, remote stand-alone secondary servers, and shared disk secondary servers) support encryption, but cannot use a connection configured with a CSM.
- Encrypted connections and unencrypted connections cannot be combined on the same port.
- CSMs can be used for connections with SQLI clients but not for connections with DRDA clients.
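The CSM constraints above can be checked mechanically. The following is an added example, not IBM's code: it lints sqlhosts-style entries against three of them, assuming the usual five-field sqlhosts layout with `csm=(name)` and `m=1` in the options field. The server names, host, ports and CSM names (which are site-defined in concsm.cfg) are constructed.

```python
import re
from collections import defaultdict

# Assumption: CSM names are site-defined in concsm.cfg; list your encryption CSMs here.
ENCRYPTION_CSMS = {"ENCCSM"}

SAMPLE_SQLHOSTS = """\
# constructed sample, not from a real system
ifx_plain  onsoctcp  dbhost1  9088
ifx_enc    onsoctcp  dbhost1  9088  csm=(ENCCSM)
ifx_drda   drsoctcp  dbhost1  9090  csm=(ENCCSM)
ifx_mux    onsoctcp  dbhost1  9092  csm=(SPWDCSM),m=1
ifx_ssl    onsocssl  dbhost1  9094
"""

def parse(text):
    """Return one dict per sqlhosts entry: name, nettype, endpoint, csm, mux."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = line.split(None, 4)
        if len(fields) < 4:
            continue  # blank, comment-only or malformed line
        opts = fields[4] if len(fields) > 4 else ""
        csm = re.search(r"csm=\((\w+)", opts)
        entries.append({
            "name": fields[0], "nettype": fields[1],
            "endpoint": (fields[2], fields[3]),
            "csm": csm.group(1) if csm else None,
            "mux": bool(re.search(r"(?<!\w)m=1\b", opts)),
        })
    return entries

def lint(text):
    """Flag entries that break the CSM considerations listed above."""
    findings, by_endpoint = [], defaultdict(set)
    for e in parse(text):
        if e["csm"] and e["nettype"].startswith("dr"):
            findings.append((e["name"], "csm-on-drda"))
        if e["csm"] and e["mux"]:
            findings.append((e["name"], "csm-on-multiplexed"))
        encrypted = e["nettype"].endswith("ssl") or e["csm"] in ENCRYPTION_CSMS
        by_endpoint[e["endpoint"]].add(encrypted)
    for (host, port), kinds in by_endpoint.items():
        if kinds == {True, False}:  # encrypted and plain share one port
            findings.append((f"{host}:{port}", "mixed-encrypted-and-plain"))
    return findings
```

Calling `lint(SAMPLE_SQLHOSTS)` returns a list of `(target, rule)` pairs, one per violated consideration.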
Considerations for SSL:
- You can use SSL for encrypted communication for both DRDA® and SQLI clients.
- SSL is a more widely used alternative to the IBM Informix CSMs. It is usable with:
  - IBM® Data Server Driver for JDBC and SQLJ connections.
  - IBM Informix ESQL/C or ODBC Driver connections.
  - DB-Access connections.
  - Enterprise Replication connections and High-availability data replication (HDR) connections between an HDR primary server and one or more secondary servers of any type (HDR secondary, SD secondary, or RS secondary).
  - Distributed transaction connections, which span multiple database servers.
  - The dbexport, dbimport, dbschema, and dbload utility connections.
  - Connection Manager connections between servers in a cluster.
Using CSM
For an overview of CSM, check out Using Connection Support Modules (CSM).
Using SSL
For an overview of SSL, check out Using Secure Sockets Layer (SSL) Protocol.
Document Information
Modified date:
03 June 2021
UID
swg21680675