...

SSL (Secure Socket Layer), is a technology which allows web clients and web servers to communicate over a secured connection. This means the data being sent is encrypted by one side, transmitted, and then decrypted by the other side before processing. This is a two-way process, meaning that both the server AND the client encrypt all traffic before sending out data.”. The basic steps:*

• Configure Tomcat to accept only SSL connections to the frevvo Database Connector. This encrypts data sent between the hosted frevvo Form Server and the frevvo Database Connector installed in your local machine, thus protecting the queryKey.

...

• Create a SSL self-signed certificate and install in Tomcat’s keystore. The self-signed certificate will ensure that the data being transmitted and received by the frevvo Database Connector is private and cannot be snooped by anyone who may be eavesdropping on the connection.

...

• If you are running the frevvo Database Connector under Tomcat you can find more details here: [http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html Tomcat6 SSL How To]

The queryKey attribute

The '''queryKey''' attribute enables a password authentication mechanism that limits query execution to only those who know the queryKey password string. Every HTTP request that is sent to the database connector to execute that query must contain the key. The connector will deny all requests that do not contain the key.
 
For example, given the configuration below:

...

 A valid request would be:<pre>
 http://localhost:8082/database/myStore/customers?queryKey=abc123&customerId=23434
</pre>

SQL Injection Protection

The frevvo Database Connector automatically protects your data from Injection Attacks. No configuration is required for this security measure.

...