It looks like Oracle supports SSL encryption on its JDBC connections. Does this work using Data Connection?
This will work if you have a JDBC driver that supports it. Just edit the JDBC URL manually, and set the flags appropriately.
Related
I have just set up a new Azure MySQL.
I can connect to it via Workbench but not via Glassfish 4.1.2 connection pool.
I am testing 2 installations of Glassfish. One on my machine (without SSL) another installation on another Azure VM (with SSL). But I get Communications Link Failure with every ping on both installations. While I can ping successfully via both installations to other MySQL on other machines.
I get my connection string from Azure portal.
All other GF connection pool configs are by default.
I have SSL certificate installed on Azure VM Glassfish.
I have allowed both ip addresses on azure portal (successful workbench connection).
Is there any documentation or tutorial on Azure MySQL + Glassfish Connection Pooling config?
I can't seem to find it. Or does anyone know what I'm missing? Please. Thank you.
I've solved the problem in case anyone is interested.
I'm using ConnectorJ v.5.5 which allows username character size max limit of 16. With Azure requiring us to append #servername at the end, it was over the limit.
So I switched to Connector v.8.0.22 which allows username max of 32 characters.
However, there are extra config. to avoid "Class name is wrong or classpath is not set" error
put the connector 8.0.22 in glassfish-4.1.2\glassfish4\glassfish\domains\domain1\lib
when setting connection pool set Datasource Classname = com.mysql.cj.jdbc.MysqlDataSource
in the properties change LoggerClassName = com.mysql.cj.log.StandardLogger and Logger = com.mysql.cj.log.StandardLogger
if you use SSL set useSSL=true otherwise set useSSL=false in the properties or connection string
cheers!
This is the pymysql code I am using to connect to the database. I am testing with an AWS RDS Mysql instance with Mysql verison 5.7.22. I am getting the certificate from https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
pymysql.connect(secret_dict['host'], user=secret_dict['username'],
passwd=secret_dict['password'], port=port, db=dbname,
connect_timeout=5, ssl={'ca': './rds-combined-ca-bundle.pem'})
This code works with my test database with the user with ssl enabled and the user wo ssl enabled. - (Via ALTER USER 'encrypted_user'#'%' REQUIRE SSL; )
My question is is this pymysql behavior that I am seeing true of any MySQL verison database or documented anywhere? The behavior I am referring to is that if you add the ssl option to the connect call, it should work (successful connection) regardless or not the actual user has SSL required on it. I prefer not to test with every Mysql version :)
From taking a look at the pymysql code, what it seems to do is check if there are any ssl parameters associated with the request, adds it to an ssl map, and then creates a ctx_object from that ssl map and uses that ctx_ object when initializing a socket with the database.
Just found this on the Mysql 7 documentation guide
"On the server side, the --ssl option specifies that the server permits but does not require encrypted connections. This option is enabled by default, so it need not be specified explicitly."
"By default, MySQL client programs attempt to establish an encrypted connection if the server supports encrypted connections, with further control available through the --ssl-mode option:"
"In the absence of an --ssl-mode option, clients attempt to connect using encryption, falling back to an unencrypted connection if an encrypted connection cannot be established. This is also the behavior with an explicit --ssl-mode=PREFERRED option."
"PREFERRED: Establish an encrypted connection if the server supports encrypted connections, falling back to an unencrypted connection if an encrypted connection cannot be established. This is the default if --ssl-mode is not specified."
So I believe what's happening is that pymysql doesn't specify the ssl-mode option so the ssl client side mode being used is PREFERRED which means that the client(pymysql) will try to establish an ssl connection(which I think fails because the user doesn't require it) and then fallback to the unencrypted connection which will be successful.
I have a Java application that uses MySQL with the Connector/J MySQL connector. I would like to specify the default client charset in the $HOME/.my.cnf file of the application user, so that it does not affect other applications on the same server.
To test whether Connector/J uses $HOME/.my.cnf, I created the file with the following content:
[client]
socket=/tmp/inexisting-mysql.sock
I expected that the Java application fails to connect to the database, because the /tmp/inexisting-mysql.sock does not exist. However, the application can still connect to the database successfully. It looks like Connector/J is not reading this configuration file at all.
How can I make Connector/J read the $HOME/.my.cnf? Or how can I specify a [client] section option for just my Java application, but not for other applications that use the same database?
Regards, Benedikt
To set the default client charset for a connection you can give that as a parameter to the connection itself:
jdbc:mysql://localhost:3306/sakila?useUnicode=true&characterEncoding=UTF-8
I don't think there is a way to make Connector/J read your $HOME/.my.cnf out of the box. You could read that file in the java application and set the url parameter accordingly though.
Updated the mysql connector. Net to version 6.6.4 provider to integrate with visual studio 2012, but now when I try to configure the connection to the edmx occurs the error "Authentication method 'mysql_old_password' not supported".
This error message is shown when you are connecting to a MySQL database that has its passwords stored in the old password format (http://dev.mysql.com/doc/refman/5.0/en/old-client.html). Newer MySQL clients do not allow a connection to be made to databases using the old password format as it is less secure.
Some would suggest to set old_passwords=1 at the MySQL server, but I think it would be better to upgrade the passwords to the new password format. Then the MySQL connection can be setup again and your database will be better protected.
You can read about how to upgrade your MySQL passwords from the old format to the new format here: http://code.openark.org/blog/mysql/upgrading-passwords-from-old_passwords-to-new-passwords
MysqL Connector/NET 6.6.x (as of 6.6.2) dropped support for old password style authentication (it was deprecated due to being insecure and there were documented ways to attack it).
When trying to use it with old password style account, you will get an Arithmethic overflow error (granted, a more friendly error would be better).
As stated in this bug report: http://bugs.mysql.com/bug.php?id=66647
For Connector/NET you have to use Native 4.1 style passwords (which is old_passwords=0).
Other option is Windows Style Authentication, which is also supported, but you'll need some MySql commercial edition (standard MySql server doesn't have support for windows authentication).
Mysql_old_password was temporary and was ment to be used for older mysql clients right after 4.1.1 to authenticate to a pre-4.1.1 mysql server.
Setting the var old_passwords=1 in your mysql servers my.ini should enable this functionality.
Is there a way to set up a ColdFusion data source to connect to a MySQL server over a secure connection using SSL?
I don't see any obvious option to enable a SSL connection on the data source in CF administrator.
The only option I can think of is to use the "connection string" field.
This is for a current configuration that is set up. We have other options, but I am curious as to if this is possible. Thanks.
You would need to use the "other" option in the Drivers dropdown and build your own connection string. Here's an article I found on SSL for MySQL through JDBC drivers: http://www.razorsql.com/articles/mysql_ssl_jdbc.html
UPDATE: Here is another article with information on connecting via SSL and updating the keystore with certificate data. There is also some good content in the comments of the page: http://dev.mysql.com/doc/refman/5.0/en/connector-j-reference-using-ssl.html