•  Preface
  • Purpose
  • Audience
  • Organization
  • Additional resources for further information
  •  Using ABL documentation
    • References to ABL compiler and run-time features
    • References to ABL data types
  • Typographical conventions
  •  Examples of syntax descriptions
    • Long SQL syntax descriptions split across lines
    • Complex syntax descriptions with both required and optional elements
  • OpenEdge messages
•  Overview
  •  OpenEdge Core Business Services
    •  Security services
      •  Identity management
        • Authentication
        • Authorization
      •  Connection and data security
        • Confidentiality
        • Integrity
        • Trust
    •  Auditing service
      • Run-time auditing
      • Audit trails
      • Common auditing approach
      • Audit policies
      • Audit security
      • Querying and reporting
      • Archiving audit data
      • Enabling and disabling auditing
    • Transparent Data Encryption
•  Security
  •  Security in OpenEdge
    •  Application development
      • ABL applications
      • Open Client applications
    •  Application deployment
      • Secure source code
      • WebClient applications
      • Report Builder user authentication
      • Application portability
    •  Data management
      • OpenEdge levels of data security
      • Database security
      • DataServer security
    •  Application feature authorization
      • ABL run-time procedure authorization
      • OpenEdge reporting: Query/Results
      • Progress Dynamics
    •  Application service security features
      • AppServer program security
      • Security for OpenEdge Web services
      • Consuming external Web services in ABL
      • Data privacy for client connections to an AppServer
      • Firewall compatibility
    • Integration service security features
    • WebSpeed security features
    •  Progress Dynamics security features
      • Setting basic security options
      • Defining Progress Dynamics application security options
      • Using the Progress Dynamics security managers
      • Understanding the Repository security structures
    • Application network security using SSL
    • Auditing security
    •  Core user authentication and authorization
      • Configuring OpenEdge security domains in an OpenEdge RDBMS
      • Creating user IDs in the OpenEdge RDBMS _User table
      • Authenticating and authorizing a user identity
      • Asserting a user identity that is validated using single sign-on (SSO)
    •  SSL Security
      •  Changing the cryptographic protocol, ciphers, and certificates
        •  Supported protocols, ciphers, and certificates for Progress OpenEdge clients and servers
          • Example: Working with 11.4 ABL client and 11.6 AppServer
        •  Changing the default protocols and ciphers
          • Changing the default protocols and ciphers for Progress OpenEdge clients
          • Changing the default protocols and ciphers for Progress OpenEdge servers
    • Adding Server Name Indication (SNI)
  •  Cryptography
    •  Basic cryptography
      • Algorithms
      • Keys
    •  Symmetric (secret) key cryptography
      • Encryption/decryption algorithms
      • Encryption/decryption modes
      • Encryption/decryption key size
      • Combine algorithm, mode, and key size
      • OpenEdge usage
    •  Password-based encryption (PBE)
      • PBE algorithms
      • OpenEdge usage
    •  Asymmetric (public) key cryptography
      • Asymmetric keys
      • Public-key algorithms
      • OpenEdge usage
    •  Message digests
      • Message digest algorithms
      • OpenEdge usage
    •  Managing cryptographic data
      • Objectives
      • Requirements
      • OpenEdge solutions
  •  Public-Key Infrastructure (PKI)
    •  Core security services in a PKI
      • Authentication
      • Confidentiality
      • Integrity
    •  Cryptography in a PKI
      • Symmetric-key cryptography
      • Message digests and MACs
      • Public-key cryptography
      • Password-based encryption (PBE)
    •  Trust relationships and supporting mechanisms
      • PKI trust model
      •  Digital certificates and certificate store
        • Adding a wildcard character to a public key certificate
        • Adding Subject Alternative Name (SAN) to a digital certificate
      • Digital signatures
      • Client and server interactions
      •  Key and certificate management
        • Server identity management
        • Client certificate management
        • Digital certificate life-cycle management
  •  Secure Sockets Layer (SSL)
    • SSL standards support in OpenEdge
    • Features and services
    •  SSL session components
      • Session identity
      • Keys and certificates
      • Algorithms (ciphers)
      • Session caching
    • Support for trust
    • SSL interactions and the user
  •  SSL in OpenEdge
    •  OpenEdge SSL architecture
      • OpenEdge SSL client and server components
      • Non-OpenEdge SSL client and server components
    • Using SSL in OpenEdge
    •  Managing SSL server identity
      • Establishing SSL server identity
      • Using the default SSL server identity
      • Managing your own SSL server identity
    •  Configuring and running SSL sessions
      • Configuring SSL server sessions
      • Configuring SSL client sessions
      • Accessing an SSL servers X.500 Subject Name
•  Auditing
  •  Auditing in OpenEdge
    •  OpenEdge auditing
      •  What you can audit
        • Auditing database events
        • Auditing internal system events
        • Auditing application events
    •  Evaluating your auditing requirements
      • Application developer decisions
      • End user responsibilities
    • OpenEdge auditing recommendations
    • Auditing OpenEdge databases or clients earlier than Release 10.1
    • Audit data storage management
  •  Audit Security
    •  Overview
      • Asserting user identity
      • Adding security through separation of duty
    •  Managing audit privileges
      • Inheriting audit privileges: the security administrator
      • Assigning audit security privileges
      • Creating a primary and a secondary audit administrator
      •  Granting audit privileges
        • Granting audit privileges in ABL
        • Granting audit privileges in SQL
      • Revoking audit privileges
    •  Audit data archival security
      • OpenEdge Audit Archiving
    • Audit security for database clients, tools, and utilities
    • Audit security for OpenEdge databases
    •  Audit policy security
      • Sealing the audit data
      • Resolving audit policy conflicts
      • Exporting audit policy configuration as an XML file
    • Choosing additional audit options
    • Configuring additional user authentication systems and domains
    • Controlling the user ID and login sessions in audit data records
    •  Audit archiving
      • Archiving audit data
    • Assigning a database a unique identifier
  •  Configuring OpenEdge Auditing
    •  Getting started
      • Enabling an OpenEdge database for auditing
      • Connecting to the database and assigning audit-related privileges
      • Using Audit Policy Maintenance for policy creation
    •  Setting up OpenEdge auditing context
      •  Auditing context architecture
        • Database transaction context
        • Audit-event group
        • Application context
        • User login session context
      • Recording auditing context information
      • How auditing context is referenced by audit event records
      • Adding auditing context to the application
    • Managing auditing context
    • Migrating an existing application to use auditing
  •  Developing an Audit-enabled OpenEdge Application
    •  Developing an audit-enabled application
      • Audit-enabling an OpenEdge database
      • Defining application audit events
    •  Audit-enabling your OpenEdge application
      •  Implementing additional auditing options
        • Supplying OpenEdge application context information
        • Supporting user accounts outside of the _User table
        • Using a dedicated OpenEdge database for auditing
        • Setting up READ auditing
        • Using a custom audit data/policy archive tool
        • Bootstrapping the audit administrator user
        • Creating audit policy and report templates
        • Supporting custom audit policy tools
      • Updating an existing ABL application with auditing
      • Audit-enabling your SQL application
  •  Deploying an Audit-enabled OpenEdge Application
    •  Overview
      •  Developing the company's audit policy
        • Configuring long-term audit data storage
        • Audit-enabling the applications OpenEdge databases
    •  Configuring auditing at the production site
      • Setting up audit administration
      • Loading audit event definitions
      • Loading predefined audit policies
      • Setting up audit data access
    • Applying audit policy for production systems
    • Writing custom audit reports
    • Preparing to deploy your audit-enabled application
    • Upgrading an existing application to use auditing
  •  Maintaining Audit Data
    •  Common audit data maintenance tasks
      • Backing up and restoring an audit-enabled database
      • Archiving and loading audit tables
      • Copying an audit-enabled database
      • Recovering audit data
      • Modifying the indexes generated for OpenEdge audit tables
      • Modifying the audit table storage area
      • Disabling auditing
      • Handling long-term storage growth
      • Returning audit data from offline storage
      • Ensuring audit data integrity
    • Auditing performance
    •  Run-time audit maintenance
      • Monitoring your databases health
      • Querying audit data
  •  Querying and Reporting on Audit Data
    •  Overview
      • Audit data schema overview
    •  Audit data querying and reporting
      • Reporting committed data only
      • Internationalization considerations
      • Reporting on a central archive database
      • Reporting on a single database with multiple GUIDs
      • Reporting from multiple audit databases
      • Deactivated audit indexes
      • Reporting event descriptions
      • Optional client session information
      • Audit data event context
      • Audit data application context
      • Logically grouping related audit data in an audit event group
      • Grouping audit data by transaction ID
      • Grouping audit data by database connection
      • Reporting additional audit event details
      • Reporting by audit date and time
      • Reporting by user ID
      • Reporting modified field old/new values
      • Identifying database events
      • Internal audit event policies
      • Efficient index use
      • Query guidelines
    • Reporting on audit data with prefiltered and custom reports
    • Generating a custom filtered report
•  Transparent Data Encryption
  •  Transparent Data Encryption in OpenEdge RDBMS
    •  Defining the problem space
      • Providing data privacy
    • Defining Transparent Data Encryption
    •  Data security
      • Data Storage
      • Encrypted Data Configuration
      • Encryption Key
    • Before you start
    •  What is encryptable
      • Data considerations
    • Transparent Data Encryption feature summary
    •  Enabling Encryption
      • Adding an encryption area
      • Executing the ENABLEENCRYPTION command
  •  OpenEdge Key Store
    • General key store basics
    • OpenEdge key store
    •  Configuring key store access
      • Manual start
      • Autostart
    •  Key store maintenance
      • Backups
      • Modifying passphrases
      • Rebind
      • Key store reconstruct
  •  Configuring Transparent Data Encryption policies
    •  Creating encryption policies
      • Creating encryption policies with PROUTIL EPOLICY
      • Creating encryption policies with the Data Administration tool
    •  Encrypting your existing data
      • EPOLICY MANAGE UPDATE example
      • Encryption of new data
    •  Maintaining transparent data encryption
      • Rekeying encryption policies with the Data Administration tool
      • Rekeying an encryption policy with PROUTIL EPOLICY
      • Changing the cipher of an encryption policy with PROUTIL EPOLICY
      • Viewing encryption policy history in the Data Administration tool
    •  OpenEdge SQL support for transparent data encryption
      • Using the CREATE TABLE statement
      • Adding an encrypted column
      • Using the CREATE INDEX statement
      • Using the ALTER TABLE statement
      • Viewing encryption policy with the SHOW ENCRYPT statement
      • Deleting encrypted objects with OpenEdge SQL
    • Disabling encryption
•  Audit Data Tables
  • Audit data table schema
•  Preconfigured Audit Policies
  • Using the preconfigured OpenEdge audit policies