...
Section | ||
---|---|---|
|
...
|
...
|
...
|
...
|
Configure SSL
The database connector doe does not have any specific configuration to handle SSL. Since it runs inside the Servelet container, it is typically the responsibility of the container to handle this layer of security. In any case, here is what we have done for customers that needed SSL and were using Tomcat:
SSL (Secure Socket Layer), is a technology which allows web clients and web servers to communicate over a secured connection. This means the data being sent is encrypted by one side, transmitted, and then decrypted by the other side before processing. This is a two-way process, meaning that both the server AND the client encrypt all traffic before sending out data.”. The basic steps:*
- Configure Tomcat to accept only SSL connections to the
...
- Database Connector. This encrypts data sent between the hosted
...
- Server and the
...
- Database Connector installed in your local machine, thus protecting the queryKey.
...
- Create a SSL self-signed certificate and install in Tomcat’s keystore. The self-signed certificate will ensure that the data being transmitted and received by the
...
- Database Connector is private and cannot be snooped by anyone who may be eavesdropping on the connection.
...
- If you are running
...
- the Database Connector under Tomcat you can find more details here:
...
...
...
The queryKey attribute
...
The '''queryKey''' attribute queryKey attribute enables a password authentication mechanism that limits query execution to only those who know the queryKey password string. Every HTTP request that is sent to the database connector to execute that query must contain the key. The connector will deny all requests that do not contain the key.
For example, given the configuration below:
...
A valid request would be:<pre>
http://localhost:8082/database/myStore/customers?queryKey=abc123&customerId=23434
</pre>=====
SQL Injection Protection
...
The frevvo Database Database Connector automatically protects your data from Injection Attacks. No configuration is required for this security measure.
=== Examples ===
There are additional resources designed to help you learn how to use the power of frevvo forms with your database.
The [[Database_Connector_Tutorial_V2.0|database connector tutorial]] contains step by step instructions that demonstrate how to populate a web form with data from the database using the master/detail pattern. And also walks you thru populating a frevvo dropdown control with values dynamically from a database.
The [[Database_Connector_Examples_V2.0 | database connector examples]] contain commonly used form design patterns using data from your database in simple examples designed to get you going quickly and give you ideas for your own forms.
=== SQL Query Examples ===
A solid understand of SQL syntax is helpful when creating forms that interact with your database. Below are common and useful example queries.
===== Like Query =====
Sometimes it is useful to match a row where the matching string is not exact. To do this use the SQL Like and % wild card. In this example we want to retrieve all customers that have an email address with a specific email domain 'frevvo.com'. The % wild card must be coded into the configuration.xml query. It cannot be passed down to the query as part of the URI template.
...