Previous Page | Next Page

Encryption Model

Default Settings for On-Disk Encryption

On-disk encryption protects data at rest. The following table describes initial support:

On-Disk Encryption and Encoding
Content and Context Algorithm Configuration
Password on disk in the metadata AES1 Controlled by the STOREPASSWORDS option in the metadata server's omaconfig.xml file.
Password on disk in a configuration file SASProprietary If you have SAS/SECURE, you can upgrade to AES. See Password Updates for Service Accounts.
Most other metadata on disk None Not configurable.
SAS data sets on disk None To apply encryption, use the ENCRYPT= data set option.2
1 If you don't have SAS/SECURE, SASProprietary is used.

2 The ENCRYPT= data set option uses a proprietary encryption algorithm that is not the same as the SASProprietary algorithm. See the SAS Language Reference: Dictionary.

Note:   Configuration files and metadata repository data sets should also be host protected.  [cautionend]

See Also:

About SAS/SECURE

Encryption Strength and Coverage

Default Settings for Over-the-Wire Encryption

How to Increase Encryption Strength for Passwords at Rest

Previous Page | Next Page | Top of Page

Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.