I have written a delphi application that allows a user to define a query and run it over a DB2 database on an IBM System i using a TADOQuery component with the IBM DB2 OLE DB Provider.
We now have a requirement that the user be allowed to secure the connection using SSL if they so wish. I know that I can pass a value of "SSL=TRUE" into the connection string for the OLE DB Provider. The problem that we're having is setting up SSL on the System i server so that we can set up our test environment.
I can't find any instructions for securing the database application on a System i to use SSL. Does anyone know how to do this?
Setting up SSL on the iSeries
Related
I had subscribed for free trial for IBM Cognos. In that I have to connect my SQL server with it. I had tried all alternatives but none is working. According to the error, I had even given access of firewall through my system with port defined, also in sql server configuration manager. But still facing the same error when Testing the connection through ibm cognos.By default, we can only connect through jdbc.
Error
Connection In cognos
SQL Server configuration manager
Port Setting Inbound Firewall
The MSSQL database you are connecting to would not be local to the on demand server, so a host of localhost is likely not correct.
If the MSSQL is not publicly accessible you will need to use a secure gateway connection. https://www.ibm.com/docs/kk/cognos-analytics/11.1.0?topic=demand-secure-gateway-only
Additionally, public or private you will also need to add the following to the JDBC connection URL TrustServerCertificate=true
In the current project we are already using generic db connection and now we found that there is Sql Serve connection available but we have never used that so want to explore that option.
Is it going to give better performance than generic connection?
One observation from my experience is Generic Connection is working for Windows Authentication where as SqlServer Connection is not working for the same and working for Sql Account.
The Microsoft SQL Server Connection provides some database specific configurations to simplify the configuration of the connection. For example an instance name. With the Generic Connection you can only use generic JDBC configurations. There should not be a difference in performance. Depending on how did you configure Windows Authentication in the generic connection it may or not be possible to replicate it in the Microsoft SQL Server Connection. If you are happy with your current connection configuration there is no need to change it.
We recently migrated an application database to a new version from winserv2008/sql2008 to winserv2012R2/Sql2014. A service that pulls on this DB needs to be redesigned to accommodate some minor table/view definition changes.
Running the service code through tests under my personal security context works fine. However, installing and starting the service under .\LocalSystem is problematic. Looking at the service logs in event viewer I see that the service tries to connect to the sql server but gets a ERROR[28000] Login failed for user 'Domain\LocalSystemName$'.
The connection is via ODBC, SQL Server Native Client 11.0. Connection string is like:
"dsn=dsn_name;Driver={SQL Server Native Client 11.0};Database=database_name;Integrated Security=False;uid=accountname;pwd=accountpassword;Connect Timeout=15;ApplicationIntent=ReadOnly;"
Also, through the course of troubleshooting I've discovered/confirmed several things.
The sql server credentials I am using are correct, they are also being used to connect from a SQL2016 instance to the SQL14 server as a linked server.
The original service install on a utility server appears to be hitting the new database fine after the ODBC connection settings were switched.
My questions are:
Have you run into anything like this before?
Am I missing something simple in my connection string?
Are there per machine security settings in sql14 that I'm missing?
I'm using a IBM MobileFirst SQL adapter to get data from a AWS Oracle RDS.
In order to connect to the sql adapter, we need to provide the username, password, url and port. The connection works, however, how should I hash it so that no one can read it? This is to make it more secure. Is this possible?
<driverClass>oracle.jdbc.driver.OracleDriver</driverClass>
<url>jdbc:oracle:thin:#xxx.rds.amazonaws.com:1525/SchemaSample</url>
<user>Username</user>
<password>Password</password>
</dataSourceDefinition>
First, you're using a very old build of 7.1 and your team should consider updating both the client and server versions.
Second, just to clarify, you don't "connect to the sql adapter". Your client sends a request to the MobileFirst Server, to use the adapter in order to connect to the AWS Oracle RDS. It is the request of the adapter to the AWS that you want its properties hashed, or encrypted.
As for encrypting properties, this depends on the application server you've installed MobileFirst Server on (WAS, WAS liberty, or Tomcat). In general, the process is as follows:
If you're using Tomcat, you can create a custom property in the worklight.properties file, encrypt it as instructed here and then re-deploy the .war file.
If you're using WAS or WAS liberty, you can also create such custom property in worklight.properties, and then expose it as a JNDI entry in the application server. You can then encrypt it using the encryption tools provided by each application server.
See here for an example how to set it up: https://stackoverflow.com/a/25159260/1530814
Once you have it setup, you can now take care of the encryption by following the documentation of the tool for your application server.
Encryption tools by each application server (search for "Encoding the JDNI properties")
I'm using a IBM MobileFirst SQL adapter to get data from a AWS Oracle RDS.
In order to connect to the sql adapter, we need to provide the username, password, url and port. The connection works, however, how should I hash it so that no one can read it? This is to make it more secure. Is this possible?
<driverClass>oracle.jdbc.driver.OracleDriver</driverClass>
<url>jdbc:oracle:thin:#xxx.rds.amazonaws.com:1525/SchemaSample</url>
<user>Username</user>
<password>Password</password>
</dataSourceDefinition>
First, you're using a very old build of 7.1 and your team should consider updating both the client and server versions.
Second, just to clarify, you don't "connect to the sql adapter". Your client sends a request to the MobileFirst Server, to use the adapter in order to connect to the AWS Oracle RDS. It is the request of the adapter to the AWS that you want its properties hashed, or encrypted.
As for encrypting properties, this depends on the application server you've installed MobileFirst Server on (WAS, WAS liberty, or Tomcat). In general, the process is as follows:
If you're using Tomcat, you can create a custom property in the worklight.properties file, encrypt it as instructed here and then re-deploy the .war file.
If you're using WAS or WAS liberty, you can also create such custom property in worklight.properties, and then expose it as a JNDI entry in the application server. You can then encrypt it using the encryption tools provided by each application server.
See here for an example how to set it up: https://stackoverflow.com/a/25159260/1530814
Once you have it setup, you can now take care of the encryption by following the documentation of the tool for your application server.
Encryption tools by each application server (search for "Encoding the JDNI properties")