Refresh Authentication
Page 7 of 7

Other Security Features

Encrypting Refresh Messages Using SSL

Cloudsync does not automatically encrypt refresh messages. However, if you use a server framework that supports SSL, you can configure your system for SSL. To do this:

  • Run the source database in a server framework that supports SSL and configure the framework for SSL. Cloudconnector is an example of a server framework that supports SSL.
  • Run target databases in a JVM that supports SSL.
  • Set cloudscape.listener.synchronization.address to the correct value for SSL for the server framework.

Using Work Units to Limit SQL Access to Data

Making sure that your targets accept only work-unit updates is a powerful protection for data. When targets accept only work-unit updates, it means that the application designer controls the subset of SQL statements that are available to a target user. Controlling the SQL statements that are available to a target user gives you more control over which data such users can view or update.

You enforce work-unit-only updates by setting a database property for a publication. See cloudscape.synchronization.workUnitOnly.

Disabling Data Updates for Read-Only Targets

If targets in a publication should not have any permissions to write to the source, you can disable database write operations for them by making them read-only targets. See cloudscape.database.readAccessTarget.

Encrypting Target Databases

You can encrypt target databases to prevent non-SQL access to data in database files. Encrypting databases is described in the Cloudscape Developer's Guide.