Hi I want to have the ability to connect from jdbc driver to snowflake with ssl. I did it many times with other db, just add ssl=true(sometimes other properties) in connection url.
Unfortunately I didn't find this option in snowflake documentation. I found that snowflake supports something like ssl they call it Using Key Pair Authentication
Does it ssl mode for snowflake?
Does snowflake support ssl?
You can set a jdbc connection property ssl to on or off as seen here
That's what determines if the connection will be made via https or http, going by the implementation here
I tried it and it worked for me.
Note that if ssl is not set, the value is on by default.
I believe Snowflake only allows HTTPS to connect, and so it always uses TLS/SSL.
SSL encryption cannot be switched off when connecting to Snowflake. Full Stop.
There is no option in the JDBC or ODBC driver to disable (or enable) SSL. That is why this parameter is not mentioned on the documentation pages of Snowflake.
Generic
ODBC
Snowflake connections use SSL by default.
And using only HTTPS connections. Regardless whether it is a driver or the GUI.
That is also the reason that you do not need to add https:// to your server connection.
More on this can be found here.
The http-connections you might see Snowflake drivers make are to satisfy OCSP.
If you trying to test whether Snowflake supports un-encrypted connections and you get the information back that Snowflake does support unencrypted connections or does support TLS1.0 or TLS1.1 you have been testing your proxy-server settings and not snowflakecomputing.com or snowflake.com.
BTW : Currently only TLS1.2 is supported by Snowflake for HTTPS connections.
Related
I'm trying to setup an ssl based tcp connection to memsql using Go.
The application/services are running as openshift pods and written in Go.
Can I have one-way authentication to memsql from the service?
Do I need to enable any port in memsql to listen for tls based ssl connection?
Apart from updating the DSN in my service to tls=true, what can be the alternative to customise this configuration.
Can someone suggest an efficient way to connect to memsql with ssl enabled?
I've followed the memsql documentation and inserted the certificates to memsql master and aggregator, as well as made the permission check enabled, but still I'm able to get into the memsql without giving the rootCertificate in the login.
Currently the connection is established by following code:
db, err := sql.Open("mysql", DSN) and
DSN=root:#tcp(IPAddress:3306)/riodev?interpolateParams=true&parseTime=true
Can you clarify what your question is? The SSL authentication is one-way, the client verifies the server. The server verifies the client via their login information.
No, MemSQL uses the same port for SSL and non-SSL connections.
You may also need to configure the SSL certificate, as described in https://github.com/go-sql-driver/mysql#tls.
Most client libraries support connecting with SSL.
I've followed the memsql documentation and inserted the certificates to memsql master and aggregator, as well as made the permission check enabled, but still I'm able to get into the memsql without giving the rootCertificate in the login.
Is it possible the connection is already using SSL? It may be using SSL-preferred mode without verifying the certificate.
Can anyone tell me how to set up SSL / HTTPS on Oracle Apex?
I'm using Oracle Apex 5.0 and I want to be able to access my application via HTTPS.
Information on this is fairly widespread, but varies depending on your middle tier.
http://dgielis.blogspot.com/2016/05/please-use-https-for-your-apex-apps.html
https://www.skillbuilders.com/free-oracle-apex-tutorials/how-to-get-oracle-apex-ssl-web-services-working/
https://apex.oracle.com/pls/apex/germancommunities/apexcommunity/tipp/6121/index-en.html
http://davidghedini.blogspot.com/2009/02/https-for-oracle-application-express-on.html
http://krisrice.io/2018-05-09-ORDS-and-lets_encrypt/
If you are using a Glassfish Server as the Middleware you will have a HTTP Listener enabled. You can enable HTTPS for that with a simple checkmark. Just go to the webinterface and have a look at the Network Settings.
Then you'll only need to get a valid SSL Certificate, for example a Free one from Let's Encrypt.
If you are using Apache Tomcat as the middleware it's similar. You gotta change the Listener to a HTTPS one and include your certificate.
Google launched support for SSL connections in the JDBC service. Google added three new connection parameters to support this feature: _serverSslCertificate, _clientSslCertificate, and _clientSslKey. The documentation is available here:
https://developers.google.com/apps-script/reference/jdbc/jdbc#getConnection(String,Object)
When a database in Amazon is created, we can add SSL support to it:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
As an example if we create a MariaDB database, we just have to download the next certificate: rds-ca-2015-root.pem
And access to database with the next command:
mysql -h mymariadbinstance.abcd1234.rds-us-east-1.amazonaws.com --ssl-ca=[full path]rds-combined-ca-bundle.pem --ssl-verify-server-cert
And apply SSL to an specific user:
GRANT USAGE ON *.* TO 'encrypted_user'#'%' REQUIRE SSL
So, how can we conect with SSL to an Amazon Database using the GAS JDBC API?
The question isn't entirely clear to me, but it looks like you asking how you can pass the server cert while initiating the jdbc connection. The API has a _serverSslCertificate argument that should do just this.
https://developers.google.com/apps-script/reference/jdbc/jdbc#getConnection(String,Object)
Try it out and let us know if you still have issues.
I have done a lot of searches, but still can't find a solution.
In my projects, I'm using both Tomcat connection pooling and C3P0 connection pooling for postgresql. I rejected to use JDBC connection pooling because it's not suggested by postgresql officially.
Now I need to enable SSL/TLS on these pools. I thought this should be a pretty common need. I found examples on JDBC pooling, but not for tomcat or c3p0. I'm really wondering if tomcat and c3p0 poolings can configure SSL!
Does anyone have any resources on this topic that I can refer to?
SSL transport should be pretty much transparent to c3p0. just set up your postgres RDBMS to use SSL. the postgres JDBC driver supports SSL connections. if you are using a self-signed certificate though (rather than a certificate signed by one of the well-known certificate authorities), you'll have to either configure your JVM to recognize your self-signed certificate or the JDBC driver not to validate certificates.
You'll need to configure several postgres-specific JDBC Connection Properties. The easiest way to do this is by just appending the properties as standard URL-style params to your postgres-jdbc URL:
jdbc:postgresql://myhost.mydomain/mydb?ssl=true
Or (dangerously)
jdbc:postgresql://myhost.mydomain/mydb?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
Those should work if you are configuring user and password (as usual) via c3p0 configuration parameters. Alternatively, you can configure all of the Connection parameters in a Properties object. Here is how that would work for c3p0:
// obviously, imports should go where there should go
import java.util.Properties;
import com.mchange.v2.c3p0.ComboPooledDataSource;
// this is very close to the postgres docs
Properties props = new Properties();
props.setProperty("user", myUsername);
props.setProperties("password", myPassword);
props.setProperty("ssl","true");
props.setProperty("sslfactory","org.postgresql.ssl.NonValidatingFactory");
// this is c3p0-specific
ComboPooledDataSource cpds = new ComboPooledDataSource();
cpds.setJdbcUrl("jdbc:postgresql://myhost.mydomain/mydb");
cpds.setProperties( props );
// set any other properties you wish to override from values in config and/or defaults
The easiest way, I think, will be to just set jdbcUrl, user, and password in c3p0 config files and append ssl params to the end of your postgres jdbc URL.
I'm pretty far out of my depth here, so bear with me. We're using JDBC via com.intersys.jdbc.cachedriver to run stored procedures in Intersystems Cache and get the results in Java. However, there are other clients that connect directly to the Cache using a terminal over telnet. We have to lock down Cache's telnet port so that only telnet over SSL is possible. However, the Cache experts here say that locking down one port in Cache locks them all down, so the Java to Cache connection will also have to use SSL. I understand vaguely that some JDBC drivers support SSL, but I don't see that the Cache one does. What I need to know is:
What's needed to configure SSL for the JDBC connections? (We're using JBoss 4.2.3)
What about certificates? I assume those have to go somewhere.
Is it actually true that locking down the telnet connections is also going lock down JDBC in the same way?
Configuring Java Clients to Use SSL/TLS with Caché
Using SSL/TLS with Caché
Telnet vs ssh is a question about what the OS allows and only relates to Cache peripherally. It doesn't mean anything regarding items 1 or 2. So in answer to the direct question you are asking, "No".
1. What's needed to configure SSL for the JDBC connections? (We're using JBoss 4.2.3)
See http://docs.intersystems.com/cache20102/csp/docbook/DocBook.UI.Page.cls?KEY=GCAS_ssltls#GCAS_ssltls_javacli for details. This section doesn't explicitly mention JDBC, but it's true for JDBC (and the reference has been added for the documentation 2011.1 [next release] .)
2. What about certificates? I assume those have to go somewhere.
To quote the documentation: "If the client has a private key and certificate, these are stored in the client’s keystore; the keystore can also hold the client’s root CA certificate and any intermediate CA certificates. To authenticate the server, the client may need to have the root CA certificate for the server and any intermediate CA certificates, these can be stored either in the client’s truststore or along with client certificate information in the keystore. For more information on keystores and truststores, see the section “Keystores and Truststores” in the Java Secure Socket Extension (JSSE) Reference Guide."
3. Is it actually true that locking down the telnet connections is also going lock down JDBC in the same way?
Yes -- if telnet connections are to require TLS, then the superserver TLS setting needs to be Required, which means that you have to use TLS for anything that goes through the superserver (including JDBC). If you just want to allow the use of TLS for telnet connections, set the TLS value to Enabled, which allows non-TLS connections by other means (such as JDBC).