www.datadirect.com
TUTORIAL
Even when using an application with the best security, the only way to keep data truly secure across the network is to ensure that your database middleware supports the latest security features. Kerberos authentication and SSL encryption are no longer cutting-edge “nice-to-have” options. They are mandatory elements of any successful security strategy. Some drivers may not support these security features – others may only offer support from some platforms. Still other driver options may require additional layers of software which end up killing performance. Progress DataDirect drivers support SSL and Kerberos from any platform without requiring database client libraries.
And just as important, supporting these features through the driver takes just a few minutes – no additional application code required!
If Kerberos and SSL have been implemented, adding security support to an ODBC application on Windows would just require selecting a few drop-down options and populating a few fields with the encryption information:
To add security support to a SQL Server application on UNIX would just require a few changes to the odbc.ini file:
For a Java application connecting to a relational database like DB2, the only information required is in the JDBC connection string:
jdbc:datadirect:db2://server1:50000;DatabaseName=jdbc;User=test;Password=secret;AuthenticationMethod=kerberos;EncryptionMethod=SSL;HostNameInCertificate=testhost;KeyStore=xyz;KeyStorePassword=xxx;KeyPassword=xxxy;TrustStore=/directoryA/truststorefile;TrustStorePassword=xxxy;ValidateServerCertificate=true;
Whether you are working with an ODBC application or a JDBC application, the connection properties will be the same. These properties are all set at the driver level, so there is no need for additional application code. Adding functionality to your application without having to create, develop, test, and maintain multiple lines of extra code saves time, resources, and money!
Once you have implemented SSL, there are just a few parameters that need to be set. Below is a list of security-related connection options and descriptions:
• AuthenticationMethod - determines which authentication method the driver uses when it establishes a connection.
• EncryptionMethod – determines whether data is encrypted and decrypted when transmitted over the network between the driver and database server.
• HostNameInCertificate – specifies a host name for certificate validation when SSL encryption is enabled and validation is enabled. This property provides additional security against man-in-the-middle (MITM) attacks by ensuring that the server the driver is connecting to is the server that was requested.
• KeyStore – specifies the directory of the keystore file to be used when SSL is enabled and SSL client authentication is enabled on the database server. The keystore file contains the certificates that the client sends to the server in response to the server’s certificate request.
• KeyStorePassword – specifies the password that is used to access the keystore file when SSL is enabled and SSL client authentication is enabled on the database server. The keystore file contains the certificates that the client sends to the server in response to the server’s certificate request.
• KeyPassword – specifies the password that is used to access the individual keys in the keystore file when SSL is enabled and SSL client authentication is enabled on the database server. This property is useful when individual keys in the keystore file have a different password than the keystore file.
• TrustStore – specifies the directory of the truststore file to be used when SSL is enabled using the EncryptionMethod property and server authentication is used. The truststore file contains a list of the Certificate Authorities (CAs) that the client trusts.
• TrustStorePassword – specifies the password that is used to access the truststore file when SSL is enabled and server authentication is used. The truststore file contains a list of Certificate Authorities (CAs) that the client trusts.
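As an added example (not Progress DataDirect code), the Python script below audits a connection string of the form shown on this page against the properties listed above. The finding texts, the case-insensitive key matching and the second sample URL are assumptions of the example.

```python
# Added example: audit a DataDirect-style JDBC URL for the security
# properties described on this page. Not vendor code.
SECRET_KEYS = ("Password", "KeyStorePassword", "KeyPassword", "TrustStorePassword")

# The connection string shown on this page.
PAGE_URL = ("jdbc:datadirect:db2://server1:50000;DatabaseName=jdbc;User=test;"
            "Password=secret;AuthenticationMethod=kerberos;EncryptionMethod=SSL;"
            "HostNameInCertificate=testhost;KeyStore=xyz;KeyStorePassword=xxx;"
            "KeyPassword=xxxy;TrustStore=/directoryA/truststorefile;"
            "TrustStorePassword=xxxy;ValidateServerCertificate=true;")
# Constructed sample: SSL is on but certificate validation is switched off.
WEAK_URL = ("jdbc:datadirect:db2://server1:50000;DatabaseName=jdbc;"
            "EncryptionMethod=SSL;ValidateServerCertificate=false")

def parse_props(url):
    """Return the ';Key=Value' properties of the URL as a dict."""
    _endpoint, _, rest = url.partition(";")
    props = {}
    for pair in rest.split(";"):
        if "=" in pair:
            key, value = pair.split("=", 1)
            # Assumption: property names are matched case-insensitively.
            props[key.strip().lower()] = value.strip()
    return props

def audit(url):
    """Return a list of findings; an empty list means nothing was flagged."""
    props = parse_props(url)
    findings = []
    if props.get("encryptionmethod", "").lower() != "ssl":
        findings.append("EncryptionMethod is not set to SSL")
    elif props.get("validateservercertificate", "").lower() == "false":
        findings.append("ValidateServerCertificate=false: server certificate not validated")
    elif not props.get("hostnameincertificate"):
        findings.append("HostNameInCertificate not set: no host name check (MITM exposure)")
    if not props.get("authenticationmethod"):
        findings.append("AuthenticationMethod not set explicitly")
    for key in SECRET_KEYS:
        if props.get(key.lower()):
            findings.append(f"{key} is a literal in the URL: keep secrets out of stored strings")
    return findings

if __name__ == "__main__":
    for name, url in (("page example", PAGE_URL), ("weak sample", WEAK_URL)):
        print(name)
        for finding in audit(url):
            print("  -", finding)
```

The page's own example passes the transport checks but is flagged four times for passwords embedded in the string, which matters wherever the URL is stored in configuration files or written to logs.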
For more information on how SSL and Kerberos keep your data secure, see the JDBC security section and the ODBC security section in the Progress DataDirect product documentation.
Check out ISAG’s latest whitepaper:
Data Access Middleware Security Simplifies Business Process Applications
Link to Progress DataDirect’s Security Support Matrix
Ready to get started? Progress DataDirect offers a free, fully functional, 15-day trial on all products. www.datadirect.com/download
Progress Software is the only comprehensive provider of software for connecting the world’s most critical business applications to data and services, running on any platform, using proven and emerging standards. Developers worldwide depend on DataDirect® products to connect their applications to an unparalleled range of data sources using standards-based interfaces such as ODBC, JDBC and ADO.NET, XQuery and SOAP. More than 300 leading independent software vendors and thousands of enterprises rely on Progress Software to simplify and streamline data connectivity for distributed systems and to reduce the complexity of mainframe integration.
Progress Software Corporation (NASDAQ: PRGS) is a global enterprise software company that enables businesses to be operationally responsive to changing conditions and customer interactions as they occur – to capitalize on new opportunities, drive greater efficiencies and reduce risk. The company offers a comprehensive portfolio of best-in-class enterprise software spanning event-driven visibility and real-time response, open integration, data access and integration, and application development and deployment – all supporting on-premises and SaaS/Cloud deployments. Progress maximizes the benefits of operational responsiveness while minimizing IT complexity and total cost of ownership. Progress can be reached at www.progress.com or +1-781-280-4000.
Progress Software Corporation, 14 Oak Park, Bedford, MA 01730 USA
Tel: +1 781 280-4000 Fax: +1 781 280-4095 On the Web at: www.progress.com
Find us on facebook.com/progresssw twitter.com/progresssw youtube.com/progresssw
For regional international office locations and contact information, please refer to the Web page below: www.progress.com/worldwide
Progress, DataDirect, DataDirect Connect, DataDirect Connect for JDBC, DataDirect Connect for ODBC and Business Making Progress are trademarks or registered trademarks of Progress Software Corporation or one of its affiliates or subsidiaries in the U.S. and other countries. Any other trademarks contained herein are the property of their respective owners. Specifications subject to change without notice.
© 2012 Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.