26.6. Security

Security is an important consideration in an enterprise mobile application. Mobile devices are particularly prone to being lost, stolen, damaged, or used by someone other than the intended owner. Data synchronization with SQL Everywhere can involve connections to non-secure networks. For these reasons, Microsoft provides a variety of options to protect enterprise data stored in SQL Everywhere and to secure data as it is being synchronized.

26.6.1. Password Protection

Consider that a SQL Everywhere database is really just a file residing on a mobile client. Assuming that a malicious user has access to either Query Analyzer 3.0 or a custom application that can connect to your database file, a first line of defense to foil that connection is to password-protect your SQL Everywhere databases. Passwords are specified at the time you create your database or can be added or modified after creation during a compact operation on the Database Engine. Passwords can be up to 40 characters in length and include letters, symbols, and digits. Once added, it is impossible to access a SQL Everywhere database without specifying the correct password in your ADO.NET or OLE DB connection string (or by entering it when prompted as you connect using Query Analyzer 3.0).