Chapter 4 Securing TDS Client Access

Open Server client security

Open Server™ clients use the same security mechanisms when communicating with EAServer as regular Open Server applications except that EAServer does not support Kerberos or DCE. Open Server clients can also use EAServer supported OS based authentication. See "Configuring OS authentication".

Open Server client security mechanisms include:

• Login authentication services The fundamental security service is login authentication , or confirming that users are who they say they are. Login authentication involves user names and passwords. Users identify themselves by their user name, then supply their passwords as proof of their identity.
• Per-packet security services You can protect your Open Server applications with a number of per-packet security services, including:
  
  
  • Data confidentiality - encrypts all transmitted data and assures that strangers cannot understand in-transit data.
  • Data integrity - detects attempts to tamper with in-transit data.
  • Data origin timestamping - assures that received data was really sent by the client or the server.
  • Replay detection - detects attempts by strangers to replay captured transmissions.
  • Sequence verification - detects transmissions that arrive in a different order than they were sent.
  • Channel binding - stamps each transmission with an encrypted description of the client's and server's addresses.

See the Open Client/Server documentation for detailed information about Open Server security.

For information about migrating your Open Server applications to EAServer, see the EAServer Programmer's Guide.

Copyright © 2002 Sybase, Inc. All rights reserved.