We are using liquibase maven plugin to execute changelogs in database. We have been told to use connection over TLS. Our services are successfully connecting to database using Java Keystore and Trust Store. But we are facing issue while executing liquibase over CLI. Can you please help how to execute liquibase over CLI for database connection over TLS.
Liquibase does not have a setting to configure the TLS. It is something that ins typically on figured in Oracle (in sqlnet.ora or on the client side using security.java)
If you need to set up Oracle wallet which is sometimes the case with using TLS, you can refer to this documentation: https://docs.liquibase.com/workflows/database-setup-tutorials/oracle-atp-db.html
Related
In the current project we are already using generic db connection and now we found that there is Sql Serve connection available but we have never used that so want to explore that option.
Is it going to give better performance than generic connection?
One observation from my experience is Generic Connection is working for Windows Authentication where as SqlServer Connection is not working for the same and working for Sql Account.
The Microsoft SQL Server Connection provides some database specific configurations to simplify the configuration of the connection. For example an instance name. With the Generic Connection you can only use generic JDBC configurations. There should not be a difference in performance. Depending on how did you configure Windows Authentication in the generic connection it may or not be possible to replicate it in the Microsoft SQL Server Connection. If you are happy with your current connection configuration there is no need to change it.
When running the 'migrate' command of the flyway, the standard way to access DB is by providing user and password. In my case, it's Azure SQL DB and instead of user/password I have only MSI token. Is it possible to pass the token to the command line? Looking at the parameters of the 'migrate' command I couldn't find anything like that.
Azure Active Directory MSI Authentication is supported and please see the Microsoft documentation as it has more details about how these work with JDBC URLs, (link) to download the driver and the applicable connection string properties and client requirements but please note:
Supported since driver version v7.2, authentication=ActiveDirectoryMSI can be used to connect to an Azure SQL Database/Data Warehouse from inside of an Azure Resource with "Identity" support enabled. Optionally, msiClientId can also be specified in the Connection/DataSource properties along with this authentication mode, which must contain the Client ID of a Managed Service Identity to be used to acquire the accessToken for establishing the connection.
You could run this from an Azure AD Federated on-premise host or Azure host using the following java client example and then run the migrate command.
I'm using a IBM MobileFirst SQL adapter to get data from a AWS Oracle RDS.
In order to connect to the sql adapter, we need to provide the username, password, url and port. The connection works, however, how should I hash it so that no one can read it? This is to make it more secure. Is this possible?
<driverClass>oracle.jdbc.driver.OracleDriver</driverClass>
<url>jdbc:oracle:thin:#xxx.rds.amazonaws.com:1525/SchemaSample</url>
<user>Username</user>
<password>Password</password>
</dataSourceDefinition>
First, you're using a very old build of 7.1 and your team should consider updating both the client and server versions.
Second, just to clarify, you don't "connect to the sql adapter". Your client sends a request to the MobileFirst Server, to use the adapter in order to connect to the AWS Oracle RDS. It is the request of the adapter to the AWS that you want its properties hashed, or encrypted.
As for encrypting properties, this depends on the application server you've installed MobileFirst Server on (WAS, WAS liberty, or Tomcat). In general, the process is as follows:
If you're using Tomcat, you can create a custom property in the worklight.properties file, encrypt it as instructed here and then re-deploy the .war file.
If you're using WAS or WAS liberty, you can also create such custom property in worklight.properties, and then expose it as a JNDI entry in the application server. You can then encrypt it using the encryption tools provided by each application server.
See here for an example how to set it up: https://stackoverflow.com/a/25159260/1530814
Once you have it setup, you can now take care of the encryption by following the documentation of the tool for your application server.
Encryption tools by each application server (search for "Encoding the JDNI properties")
I'm using a IBM MobileFirst SQL adapter to get data from a AWS Oracle RDS.
In order to connect to the sql adapter, we need to provide the username, password, url and port. The connection works, however, how should I hash it so that no one can read it? This is to make it more secure. Is this possible?
<driverClass>oracle.jdbc.driver.OracleDriver</driverClass>
<url>jdbc:oracle:thin:#xxx.rds.amazonaws.com:1525/SchemaSample</url>
<user>Username</user>
<password>Password</password>
</dataSourceDefinition>
First, you're using a very old build of 7.1 and your team should consider updating both the client and server versions.
Second, just to clarify, you don't "connect to the sql adapter". Your client sends a request to the MobileFirst Server, to use the adapter in order to connect to the AWS Oracle RDS. It is the request of the adapter to the AWS that you want its properties hashed, or encrypted.
As for encrypting properties, this depends on the application server you've installed MobileFirst Server on (WAS, WAS liberty, or Tomcat). In general, the process is as follows:
If you're using Tomcat, you can create a custom property in the worklight.properties file, encrypt it as instructed here and then re-deploy the .war file.
If you're using WAS or WAS liberty, you can also create such custom property in worklight.properties, and then expose it as a JNDI entry in the application server. You can then encrypt it using the encryption tools provided by each application server.
See here for an example how to set it up: https://stackoverflow.com/a/25159260/1530814
Once you have it setup, you can now take care of the encryption by following the documentation of the tool for your application server.
Encryption tools by each application server (search for "Encoding the JDNI properties")
I have written a delphi application that allows a user to define a query and run it over a DB2 database on an IBM System i using a TADOQuery component with the IBM DB2 OLE DB Provider.
We now have a requirement that the user be allowed to secure the connection using SSL if they so wish. I know that I can pass a value of "SSL=TRUE" into the connection string for the OLE DB Provider. The problem that we're having is setting up SSL on the System i server so that we can set up our test environment.
I can't find any instructions for securing the database application on a System i to use SSL. Does anyone know how to do this?
Setting up SSL on the iSeries