Configure SSL
The database connector does not have any specific configuration to handle SSL. Since it runs inside the Servlet container, it is typically the responsibility of the container to handle this layer of security. In any case, here is what we have done for customers that needed SSL and were using Tomcat:
...
- Configure Tomcat to accept only SSL connections to the Database Connector. This encrypts data sent between the hosted Server and the Database Connector installed on your local machine, thus protecting the queryKey.
- Create a self-signed SSL certificate and install it in Tomcat’s keystore. The self-signed certificate will ensure that the data being transmitted and received by the Database Connector is private and cannot be snooped by anyone who may be eavesdropping on the connection.
- You can find more details here about running the Database Connector under Tomcat.
Configure SSL for Standalone Database Connector
- Get an SSL certificate. We recommend you get a certificate with PKCS12 (.pfx or .p12) format and SHA1 encryption.
- Edit <connectorInstallationDirectory>\config\dbconnector.properties to add the SSL keystore settings. Example:

```
# Customize the DbConnector here
logging.file=./logs/database-connector.%d{yyyy-MM-dd}.log
server.port=8443
server.ssl.key-store=keystore.p12
server.ssl.key-store-password=PASSWORD
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat
```
- Browse to https://<host>:<port>/database/status to check the status of the connector. Note: You may see a warning about an invalid certificate; if you choose to ignore it and continue, you will get the status page.
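A pre-start check for the properties shown above, as an added example that is not part of the original documentation or the product's own code: it parses dbconnector.properties, confirms the SSL keys are present, and flags a placeholder password, a missing keystore file, or a properties file readable by other users. It assumes the hyphenated and camelCase key spellings are equivalent, as the page's example mixes both; the function names are hypothetical.

```python
import os
import stat

# The example configuration from the page, embedded so the check runs offline.
SAMPLE = """\
# Customize the DbConnector here
logging.file=./logs/database-connector.%d{yyyy-MM-dd}.log
server.port=8443
server.ssl.key-store=keystore.p12
server.ssl.key-store-password=PASSWORD
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat
"""

# Keys are compared in normalised form: lower-case, hyphens removed (assumption).
REQUIRED = ("server.port", "server.ssl.keystore", "server.ssl.keystorepassword",
            "server.ssl.keystoretype", "server.ssl.keyalias")
PLACEHOLDERS = {"PASSWORD", "changeit"}  # the page's placeholder, Java keystore default

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            props[key.strip().lower().replace("-", "")] = value.strip()
    return props

def audit(text, base_dir=".", file_mode=None):
    """Return a list of findings; an empty list means the SSL settings look complete."""
    props = parse_properties(text)
    findings = [f"missing {k}" for k in REQUIRED if not props.get(k)]
    store_type = props.get("server.ssl.keystoretype")
    if store_type and store_type.upper() != "PKCS12":
        findings.append(f"key store type is {store_type}, expected PKCS12")
    if props.get("server.ssl.keystorepassword") in PLACEHOLDERS:
        findings.append("key-store-password is a placeholder or default value")
    keystore = props.get("server.ssl.keystore")
    if keystore and not os.path.isfile(os.path.join(base_dir, keystore)):
        findings.append(f"keystore file not found: {keystore}")
    # The file holds the keystore password in clear text (POSIX mode bits only).
    if file_mode is not None and file_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("properties file is readable by group or others")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Pass `os.stat(path).st_mode` as `file_mode` on POSIX systems; on Windows, review the file's ACL instead.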
The queryKey attribute
The queryKey attribute enables a password authentication mechanism that limits query execution to only those who know the queryKey password string. Every HTTP request that is sent to the database connector to execute that query must contain the key. The connector will deny all requests that do not contain the key.
For example, given the configuration below:
...
The Database Connector automatically protects your data from Injection Attacks. No configuration is required for this security measure.