What's new for security in Informix, Version 12.10

This publication includes information about new features and changes in existing functionality.

The following changes and enhancements are relevant to this publication. For a complete list of what's new in this release, go to What's new in Informix®.

Table 1. What's new in IBM Informix Security Guide for Version 12.10.xC11
Overview Reference
The TLS version 1.0 and 1.1 are no longer the default values but are available with explicit coding in the onconfig file. Only TLS version 1.2 is enabled by default. TLS_VERSION configuration parameter
Table 2. What's new in IBM Informix Security Guide for Version 12.10.xC8
Overview Reference
Encrypt storage spaces

You can now encrypt storage spaces. The data in encrypted storage spaces is unintelligible without the encryption key. Encrypting storage spaces is an effective way to protect sensitive information that is stored on media.

 Storage space encryption
Table 3. What's new in IBM Informix Security Guide for Version 12.10.xC6
Overview Reference
Enhanced auditing of Informix databases with IBM® Security Guardium®

You now have increased capabilities when you audit the user actions for your Informix database server with IBM Security Guardium, version 10.0. IBM Security Guardium can now mask sensitive data. IBM Security Guardium can now audit, and if necessary, close, any Informix connection, regardless of the connection protocol. Previously, IBM Security Guardium audited and closed only TCP connections.

After you set up the Guardium server, you start the ifxguard utility to monitor connections to your Informix databases. You can customize the behavior of the ifxguard utility by editing the ifxguard configuration file and by setting the IFXGUARD configuration parameter in the onconfig file.

 Auditing with IBM Security Guardium (UNIX, Linux)
Table 4. What's new in IBM Informix Security Guide for Version 12.10.xC4
Overview Reference
PAM password authentication for DRDA connections

You can implement password authentication through a pluggable authentication module (PAM) for Distributed Relational Database Architecture™ (DRDA) connections.

Pluggable authentication modules (UNIX or Linux)
Table 5. What's new in IBM Informix Security Guide for Version 12.10.xC2
Overview Reference
Transport Layer Security (TLS) versions 1.0, 1.1 and 1.2 enabled by default

Informix database server-client connections are now enabled by default at the Transport Layer Security (TLS) versions 1.0, 1.1 and 1.2. Previously, the default version was 1.0. TLS is the successor to Secure Sockets Layer (SSL) and provides cryptographic protocols for client/server connections. You can use the new TLS_VERSION configuration parameter to change the TLS connection versions to accommodate the security needs and client connections of your enterprise.

 Secure sockets layer protocol
Parent topic: Security in HCL Informix
Copyright© 2018 HCL Technologies Limited