SQL server and security considerations
A summary of security considerations involving the SQL server and Touchstone/Touchstone Re installations.
Trustworthy databases
Touchstone databases that need the "Trustworthy" flag to be set to on include:
- AIRProject
- AIRMap
- AIRSpatial
- AIRMapBoundary
- AIRReference
- AIRUserMap
- AIRSecurity
Common criteria compliance
Common Criteria Compliance for the SQL Server (Server Properties > Security tab) should be disabled due to various concerns including:
- Residual Information Protection (RIP) — Meeting the RIP standard can contribute to improved security, however, it greatly degrades performance.
- Login auditing — This setting has no overlap in a Touchstone implementation.
- A table-level DENY takes precedence over a column-level GRANT — This setting has no overlap in a Touchstone implementation.
SQL server and security updates
Regarding Microsoft SQL Server updates, Microsoft offers the following tracks for releasing the GDR (General Distribution Release):
- RTM Track — Employed for installations still on the base version using the Release to Manufacturer (RTM) version track.
- CU Track — Employed for installations using any cumulative update (CU) version as their supported version track.
- On Demand Track — Employed for certain bits of the CU track to then follow on a CU track only (not RTM Track).
Important: For Touchstone/Touchstone Re 2025 (13.0) installations we
employ the RTM track update method.