This area is only shown when the Server Info settings format is selected, and only for databases identified by at least a Database Server and a Database Port (i.e. not for embedded databases or when using the TNS Connections Type for an Oracle database, or similar).

Enable SSH tunneling by clicking on the checkbox. When it is enabled, five additional fields are shown. The SSH Host is the name or IP address for the host accepting SSH connections. The SSH Host is typically the same as the Database Server. Enter the port for SSH connections in the SSH Port field. You may also enter the userid and password for your SSH host account in the SSH Userid and SSH Password fields, but see Setting Common Authentication Options for other options. Alternatively, you can enter the path to a private key file (using either the RSA or DSA algorithms) in the Private Key File field. The SSH Password field is then replaced by a Key Passphrase field where you can enter the passphrase if the private key is protected with one.

When SSH tunneling is enabled, a tunnel is established when you connect to the database and the connection is then made through the tunnel by constructing a JDBC URL that uses information from both the Connection and Use SSH Tunnel sections.

If you're familiar with using the ssh command to set up a tunnel manually, you may be interested in more details. The tunnel corresponds to the tunnel you would set up with the ssh command like this:

Note that when using an SSH tunnel, the Database Server is evaluated on the SSH host. If the database server is running on the SSH host, you can therefore set Database Server to localhost in case the database only accepts local connections.

The JDBC URL is constructed using 127.0.0.1 as the Database Server portion and as the Database Port portion, e.g. like this for the Oracle Thin driver when

In other words, the JDBC driver connects to the SSH tunnel's local port, which then forwards all communication to the database server. The URL that is used for the connection is shown at the top of the Object View tab for the database connection when a connection is established, along with a certificate icon if the connection is made through an SSH tunnel.

If you use the SSH Tunnel feature, you may also want to configure a few things in Tools->Tool Properties. In the Database Connection/SSH Settings category under the General tab, you can specify:

- SSH Keep-Alive Interval to minimize the risk that the tunnel is disconnected due to inactivity.
- SSH Known Hosts File so you don't have to accept connections to known SSH hosts every time you connect.
- SSH Config File containing optional SSH configuration.
- Number of SSH Authentication Tries that limits the number of allowed connection attempts.

Depending on the database and the JDBC driver, you may be able to use SSL (Secure Socket Layer) to encrypt client/server communications and securely authenticate client and server. In case the JDBC driver supports SSL, you define the SSL settings as Driver Properties for your connection according to the documentation for the JDBC driver. The exact details depend on the versions of the database and the driver, but using PostgreSQL as an example, the settings can look like this:

For ensuring security of the data being transferred between a client and server, SSL can be implemented either one-way or two-way (aka mutual authentication). In one-way SSL, only the client validates the server to ensure that it receives data from the intended server. In case of two-way SSL, both client and server authenticate each other to ensure that both parties involved in the communication are trusted.

Trusting the server – One way authentication

A server certificate that is signed by a trusted Certificate Authority (CA) should always work fine, since the Java distribution includes a truststore with all the CA public keys. When a self-signed server certificate is used, some additional configuration is needed. Depending on the actual JDBC driver this may include importing certificates to a truststore using the Java keytool. Some drivers allow this truststore to be configured per connection instead of for the whole Java VM.

When using a truststore that affects the whole JVM, special considerations must be taken. Many forums on the net suggest using the Java keytool to import the certificate into the Java VM's default truststore. The drawback with that solution is that it does not survive a Java upgrade; when the Java VM bundled with DbVisualizer is used, upgrading DbVisualizer effectively causes SSL connections to fail. We therefore recommend creating a truststore separate from the Java VM (e.g. in /Users/me/MyTrustStore) and importing the certificate to that Trust Store.