How to restrict unencrypted JDBC/ODBC/ADO.NET client connections to TIBCO Data Virtualization server?
Article ID: KB0076791
Updated On:
| Products | Versions |
|---|---|
| TIBCO Data Virtualization | 8.0 and higher |
Description
This article explains how to restrict the Non-SSL or unencrypted ODBC/JDBC/ADO.NET client connections with the TIBCO Data Virtualization server. All the ODBC/JDBC/ADO.NET client connections that do not contain the encrypt property in their URL or configuration will fail while establishing connection with TDV.
Environment
Windows and Linux OS
Resolution
Follow the steps below to achieve the use case:
1. Open the TDV Studio.
2. Navigate to "Administration" in the top toolbar top of the TDV Studio.
3. Browse to "Configuration-->Server-->Client Drivers-->Communications-->NON-SSL Enabled"
Change the above configuration value to FALSE, the default value is TRUE.
4. Apply the changes and click on OK.
5. Restart the TDV server services after making the configuration change.
The configuration change will be reflected only after the TDV server service restart.
NOTE: After making the above configurations changes, only the encrypted JDBC/ODBC/ADO.NET client connections with TDV using the base port +1 value will be allowed. The client connections will automatically pass on the base port +3 value i.e is the SSL port used by TDV for secured client connections. There is no need to explicitly pass the SSL port (base port +3) value in the connection settings.
1. Open the TDV Studio.
2. Navigate to "Administration" in the top toolbar top of the TDV Studio.
3. Browse to "Configuration-->Server-->Client Drivers-->Communications-->NON-SSL Enabled"
Change the above configuration value to FALSE, the default value is TRUE.
4. Apply the changes and click on OK.
5. Restart the TDV server services after making the configuration change.
The configuration change will be reflected only after the TDV server service restart.
Sample JDBC URL will look as below:
jdbc:compositesw:dbapi@<TDV Host>:<Port 9401>?domain=<Domain Name>&dataSource=<Database Name>&encrypt=true
NOTE: After making the above configurations changes, only the encrypted JDBC/ODBC/ADO.NET client connections with TDV using the base port +1 value will be allowed. The client connections will automatically pass on the base port +3 value i.e is the SSL port used by TDV for secured client connections. There is no need to explicitly pass the SSL port (base port +3) value in the connection settings.
Issue/Introduction
How to restrict unencrypted JDBC/ODBC/ADO.NET client connections to TIBCO Data Virtualization server?
Feedback
Yes
No
Powered by
