[teiid-issues] [JBoss JIRA] (TEIID-3177) Enforce SSL connections over ODBC when Encryption Mode is enabled

Steven Hawkins (JIRA) issues at jboss.org
Tue Mar 29 08:51:00 EDT 2016 

    [ https://issues.jboss.org/browse/TEIID-3177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13183202#comment-13183202 ] 

Steven Hawkins commented on TEIID-3177:
---------------------------------------

> It is quite braking change for the patch, isn't it?

That is why it wasn't done as a patch initially - it's a large change and it changes the meaning of login mode ssl for odbc.  However that is a logical consequence - and in all of our docs we warn that cleartext is being used by default and needs to be done so with caution.  As for whether GSS wants to keep the this change in tact or add a backwards compatibility property, that will be up to them.

> But It means, that user cannot use username:password authentication while connecting to Teiid ODBC transport OOB

That is not correct.  OOB the configuration moving forward is:

<transport name="odbc" protocol="pg" socket-binding="teiid-odbc">
  <authentication security-domain="teiid-security"/>
  <ssl mode="disabled"/>
</transport>

Which is explicit about the default mode being disabled.

> Enforce SSL connections over ODBC when Encryption Mode is enabled
> -----------------------------------------------------------------
>
>                 Key: TEIID-3177
>                 URL: https://issues.jboss.org/browse/TEIID-3177
>             Project: Teiid
>          Issue Type: Feature Request
>          Components: ODBC
>    Affects Versions: 8.8
>            Reporter: Cristiano Nicolai
>            Assignee: Steven Hawkins
>            Priority: Critical
>             Fix For: 8.9, 8.7.5.6_2
>
>
> When connecting via ODBC transport, even if the encryption mode is set to enabled is still possible to establish non ssl connections. This allows clients to  connect via insecure method. We would like that the Teiid transport could reject connections if they are not properly set up using SSL transport.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the teiid-issues mailing list