SQL Anywhere Studio Security Guide
Keeping Your Data Secure
Running the database server in a secure fashion
Client/server communication encryption is a separately licensable component and must be ordered before you can install it. To order this component, see the card in your SQL Anywhere Studio package or see http://www.sybase.com/detail?id=1015780.
You can set client/server encryption when you start the database server or in the client connection parameters. You can encrypt all native Adaptive Server Anywhere packets (Embedded SQL, ODBC, and OLEDB) that are transmitted to and from all clients. TDS packets (Java connections, including Sybase Central and Interactive SQL, as well as Open Client connections) are not encrypted.
When you use strong encryption by specifying -ec
ECC_TLS or RSA_TLS in the server command, all connections to the server must perform a Certicom handshake. This handshake cannot be faked and Certicom encryption ensures that invalid packets, which may be intended to harm the server, are discarded.
To force encryption of client/server communications from the server
Start the database server using the -ec
option. For example:
dbsrv9 -ec simple,ECC_TLS -x tcpip "c:\Program Files\Sybase\SQL Anywhere 9\asademo.db"
For more information, see -ec server option.
To force encryption of client/server communications from a particular client
Add the Encryption (ENC) connection parameter to your connection string.
"UID=DBA;PWD=SQL;ENG=myeng;LINKS=tcpip; Encryption=ECC_TLS (trusted_certificates=sample.crt)"
You can also set this parameter on the Advanced tab of the Connect dialog and on the Network tab of the ODBC data source dialog.
For more information, see Encryption connection parameter [ENC].