Cassiopeia Data Security

Though it is possible to store documents in the cloud (Advanced Science Data Center) most users will probably prefer to keep their data on the local hard drive or at least a machine in the local area network. But even if so how can the author of a Cassiopeia document be sure that his potentially sensible data is accessed by authorized users only and cannot be spied out? Cassiopeia offers three security measures:
  • The communication between Cassiopeia and the underlying datastore (FrontBase) can be SSL-encrypted
  • The database file itself can be disk-encrypted
  • Dedicated access privileges can be set for each document
So even if some intruder (worm, virus,...) makes it through the firewall into the LAN the Cassiopeia documents are still save and remain unaccessible by unauthorized parties.

Securing communication

On Mac OS X FrontBase stores database files in /Library/FrontBase/Databases. When Cassiopeia is started for the first time it looks for a database file Cassiopeia.fb in this directory. If none is found a default database Cassiopeia.fb is written into this directory to simplify the setup procedure. A *.fb file is accompanied by a couple of other [automatically generated] files with the same name but different extension. The one we are interested in for securing communication is <databasename>.options so in our case Cassiopeia.options. We want to add the option -scomm to this file which enables secure communication.

You can do so by using /Applications/Utilities/ and executing the following commands to open the options file

  • cd /Library/FrontBase/Databases
  • pico Cassiopeia.options
then entering -scomm and saving changes and exiting pico. You can alternatively use or your preferred editor to edit the options file. After adding the -scomm option restart the Cassiopeia database with or simply restart your Mac.

Encrypting the database file

Encrypting the database file adds an additional degree of security. In most cases this will not be considered necessary but if you are notorious about security you might want to make use of the disk encryption feature when creating a database.

Since the default database Cassiopeia is probably already installed on you machine we have to either first remove this database or create another database with a different name. We create a new database named Repository in this example.

Executing the required commands requires root privileges. You might not yet have set a root password on your machine. So please do the following in logged in as a user with admin privileges to set the root password.

sudo passwd root

You will be asked for your password and then have to choose a password for the user root. You will have to enter it twice (verification). After setting a root password do the following to create the encryüted database Repository on the command line.

su -
cd /Library/FrontBase/Databases
/Library/FrontBase/bin/FBKeyGenerator des Repository.key
/Library/FrontBase/bin/FrontBase -create -scomm -sdisk -key=Repository.key Repository

The database is created and running now. You may press Ctrl-c to stop it and close the terminal session. Then start and click on Monitor.

If localhost is not yet inthe list enter locahost in the Add Host: field and press <Return>. Then click on localhst in the list. The database Repository should appear in the second column. Select it and click on OK.

You can select databases on this window and then start or stop them. The above panel indicates that our new database is running.

Now start Cassiopeia and open its preferences panel. It will probably look as follows:

We want to make Cassiopeia connect to our new database Repository. Click on Set and then on localhost in the left column (add localhost if not yet in th eleft column) to list available databases.

Select Repository and click on Select. The preferences panel should look as follows now.

Switch to the License pane and make sure the Force Schema Update checkbox in the lower right corner is checked.

Then close the preferences panel and choose Database - Log On from the menu. The Connect Information panel should reflect our changes.

Make sure the Cloud control in the lower left corner is not checked and enter ROOT for the username and leave the password fields blank. Click on OK.

Cassiopeia generates SQL statements now to setup the new database. If asked for permission to execute these statements click on Yes.

After a couple of seconds the database should be set up and user ROOT successfully logged in indicated by the appearing Object Browser window.

You may now start using your new database Repository with encrypted communication and encrypted disk storage.

Creating user accounts and granting access privileges

Since Cassiopeia strores documents in a relational database the word processing system is per se multi-user enabled. After setting up a new database you may want to set a password for the default user ROOT and or create additional user accounts.

Start (should be in your /Applications folder) and open its preferences panel. Make sure the connect information is correct (points to the correct database, in our example case the newly created database Repository [see last section], in your case it could be Cassiopeia or any other database instead). If the connect info is unset or incorrect click on Set and choose the correct database.

Then choose Database - Log On to connect to the database.

No password is set for any of the default user accounts. Select one after the other and click on Set Password to set passwords. Make sure to use one you can remember. You won't be able to access the database without this password once it is set.

The check boxes indicate that you have set passwords for the users now. You might want to create dedicated user accounts now for yourself and members of your workgroup and use the super user account ROOT for administrative purposes only. Click on Create User and enter a user name, e.g. joe.

Click on OK to create the user. Note, that no password has been set for this user so far.

Select the newly created user and click in Set Password to set a pasword as described above. Create as many additional user as you like.

Now restart Cassiopia and try to log in with one of the newly created accounts.

Create a new document with Database - Create Document

and enter some content.

While still in the document press Command-Shift-B to create an alias on the Object Browser window.

Now Ctrl-Shift-Double-Click on this alias to open the privilages panel.

Note that the document is acessible by the owner (in this case joe) only by default. This means that other users logged into the databse and fetching documents with Database - Open Document would not even see this document.

If Joe wants other database users (members of his workgroup) to have read access to his document the Read check boxes are to be checked and changes saved.

Advanced Science          Terms and Conditions          © Smartsoft GmbH 2015