...
...
...
...
...
- Configure Tomcat to accept only SSL connections to the frevvo Database Connector. This encrypts data sent between the hosted frevvo Server and the frevvo Database Connector installed on your local machine, thus protecting the queryKey.
- Create an SSL self-signed certificate and install it in Tomcat’s keystore. The self-signed certificate will ensure that the data being transmitted and received by the frevvo Database Connector is private and cannot be snooped by anyone who may be eavesdropping on the connection.
- You can find more details here about running the frevvo Database Connector under Tomcat.
Configure SSL for Standalone Database Connector
- Get an SSL Certificate. We recommend you get a certificate with PKCS12 (.pfx or .p12) format and SHA2 encryption.
Edit <connectorInstallationDirectory>\config\dbconnector.properties to add the SSL to the keystore. Example:
```
# Customize the DbConnector here
logging.file=./logs/database-connector.%d{yyyy-MM-dd}.log
server.port=8443
server.ssl.key-store=keystore.p12
server.ssl.key-store-password=PASSWORD
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat
```
The property "server.ssl.key-store" must point to the location of the certificate file on your server. If you save the certificate file in the same directory as the dbconnector.properties file, you can just set this to the file name.
- Browse https://<host>:<port>/database/status to check the status of the connector. Note: You may see a warning about an invalid cert; however, you will get the status page if you 'ignore' and go past it.
...
SQL Injection Protection
The frevvo Database Connector automatically protects your data from injection attacks. No configuration is required for this security measure.
...
While you cannot encrypt the database password in the <frevvo-home>\tomcat\conf\dbconnector.properties file, you can provide added security using one of the following methods:
- Define the data source at the container (Tomcat) level for some added security. Please see this documentation which explains how.
- Store the password as an OS environment variable and reference that variable in the dbconnector.properties file. See Secure Passwords in Tomcat for details.
...
There is nothing built into the frevvo Database Connector to block public access or enforce authentication to the database connector status page or other database connector URLs.
If you are using frevvo On Premise and the Database Connector is installed in the same Tomcat as frevvo, you can restrict access to all database connector URLs from outside, allowing connections only from localhost (i.e. frevvo) by creating an individual context.xml for your app.
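One way to write such a per-application context file, using Tomcat's standard RemoteAddrValve. This is an added example, not a file taken from the frevvo documentation. It assumes the connector is deployed under the context name `database` (as in the /database/status URL above) and that the file is saved as `<frevvo-home>\tomcat\conf\Catalina\localhost\database.xml`.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not frevvo's own file.
     Assumed location: <frevvo-home>\tomcat\conf\Catalina\localhost\database.xml
     (per-application context for a webapp deployed as "database"). -->
<Context>
  <!-- RemoteAddrValve matches the client IP address against the "allow"
       regular expression and answers 403 Forbidden for every other address.
       Only the IPv4 and IPv6 loopback addresses are allowed here, so frevvo
       running in the same Tomcat can still reach the connector. -->
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>
```

After restarting Tomcat, request https://<host>:<port>/database/status from another machine and confirm it returns 403 while the same request from the server itself still succeeds. If a reverse proxy on the same host forwards traffic to Tomcat, every request arrives from a loopback address and this valve will not block it, so the restriction has to be applied at the proxy instead.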
...