[teiid-issues] [JBoss JIRA] (TEIID-3177) Enforce SSL connections over ODBC when Encryption Mode is enabled

Steven Hawkins (JIRA) issues at jboss.org
Wed Oct 22 09:49:35 EDT 2014


    [ https://issues.jboss.org/browse/TEIID-3177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13012645#comment-13012645 ] 

Steven Hawkins edited comment on TEIID-3177 at 10/22/14 9:49 AM:
-----------------------------------------------------------------

Note that this is the default behavior of a pg server as well (with the distinction that other auth types such as a hash would be supported).  You have to additionally configure the hba conf to deny non-SSL client connections, which is what this feature will be analogous to.  Also note that http://www.postgresql.org/docs/9.2/static/libpq-ssl.html states that clients must be configured for SSL (see sslmode), or else the client can still send information in a non-secure fashion even if the server is in SSL mode, regardless of whether it is rejecting connections (this may be because there are versions of the pg client that can send password information in the initialization message, or that do not wait for the authentication mode response from the server).


was (Author: shawkins):
Note that this is the default behavior of a pg server as well.  You have to additionally configure the hba conf to deny non-SSL client connections, which is what this feature will be analogous to.  Also note that http://www.postgresql.org/docs/9.2/static/libpq-ssl.html states that clients must be configured for SSL (see sslmode), or else the client can still send information in a non-secure fashion even if the server is in SSL mode, regardless of whether it is rejecting connections (this may be because there are versions of the pg client that can send password information in the initialization message, or that do not wait for the authentication mode response from the server).

> Enforce SSL connections over ODBC when Encryption Mode is enabled
> -----------------------------------------------------------------
>
>                 Key: TEIID-3177
>                 URL: https://issues.jboss.org/browse/TEIID-3177
>             Project: Teiid
>          Issue Type: Feature Request
>          Components: ODBC
>    Affects Versions: 8.8
>            Reporter: Cristiano Nicolai
>            Assignee: Steven Hawkins
>            Priority: Critical
>             Fix For: 8.9
>
>
> When connecting via ODBC transport, even if the encryption mode is set to enabled, it is still possible to establish non-SSL connections. This allows clients to connect via an insecure method. We would like the Teiid transport to reject connections if they are not properly set up using SSL transport.



--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
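
The enforcement requested in this issue, sketched at the PostgreSQL wire-protocol level as an added example (not Teiid's code and not part of the original message). The function names and the `require_ssl` / `tls_active` flags are hypothetical; the two request codes are the ones defined by the PostgreSQL frontend/backend protocol. It also shows why the comment insists on client-side sslmode: a plaintext StartupMessage has already exposed its fields by the time the server refuses it.

```python
import struct

SSL_REQUEST = 80877103   # (1234 << 16) | 5679: client asks to negotiate SSL
PROTOCOL_3_0 = 196608    # (3 << 16) | 0: StartupMessage, protocol 3.0


def startup_params(body: bytes) -> dict:
    """Decode the NUL-terminated key/value pairs of a StartupMessage body."""
    fields = body.split(b"\x00")
    params = {}
    for key, value in zip(fields[0::2], fields[1::2]):
        if not key:          # empty key marks the terminating NUL byte
            break
        params[key.decode()] = value.decode()
    return params


def decide(packet: bytes, tls_active: bool, require_ssl: bool):
    """Return (action, cleartext_params) for the first packet seen on a socket.

    tls_active means an earlier SSLRequest was answered with 'S' and the
    handshake completed, so this packet arrived inside the TLS session.
    """
    if len(packet) < 8:
        return "need-more-data", {}
    length, code = struct.unpack("!II", packet[:8])
    if length != len(packet):
        return "malformed", {}
    if code == SSL_REQUEST:
        # Server answers with the single byte 'S' and starts the TLS handshake.
        return ("malformed", {}) if tls_active or length != 8 else ("reply-S", {})
    if code == PROTOCOL_3_0:
        if tls_active:
            return "proceed", {}
        # No TLS: these fields crossed the wire in cleartext before any
        # server-side policy could be applied.
        exposed = startup_params(packet[8:])
        return ("reject" if require_ssl else "proceed"), exposed
    return "other", {}       # cancel requests etc. are out of scope here


def build_startup(**params) -> bytes:
    """Build a constructed sample StartupMessage for the demonstration."""
    body = b"".join(k.encode() + b"\x00" + v.encode() + b"\x00"
                    for k, v in params.items()) + b"\x00"
    return struct.pack("!II", 8 + len(body), PROTOCOL_3_0) + body
```
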

