[teiid-issues] [JBoss JIRA] (TEIID-3177) Enforce SSL connections over ODBC when Encryption Mode is enabled
Steven Hawkins (JIRA)
issues at jboss.org
Thu Oct 16 14:47:35 EDT 2014
[ https://issues.jboss.org/browse/TEIID-3177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13012645#comment-13012645 ]
Steven Hawkins commented on TEIID-3177:
---------------------------------------
Note that this is the default behavior of a pg server as well. You have to additionally configure the hba conf to deny non-ssl client connections - which is what this feature will be analogous to. Also note that http://www.postgresql.org/docs/9.2/static/libpq-ssl.html states that clients must be configured for ssl - see sslmode or else the client can still send information in an non-secure fashion even if the server is in ssl mode regardless of whether it is rejecting connections (this may be because there are versions of the pg client that can send password information in the initialization message or not waiting for the authentication mode response from the server).
> Enforce SSL connections over ODBC when Encryption Mode is enabled
> -----------------------------------------------------------------
>
> Key: TEIID-3177
> URL: https://issues.jboss.org/browse/TEIID-3177
> Project: Teiid
> Issue Type: Feature Request
> Components: ODBC
> Affects Versions: 8.8
> Reporter: Cristiano Nicolai
> Assignee: Steven Hawkins
> Priority: Critical
>
> When connecting via ODBC transport, even if the encryption mode is set to enabled is still possible to establish non ssl connections. This allows clients to connect via insecure method. We would like that the Teiid transport could reject connections if they are not properly set up using SSL transport.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
More information about the teiid-issues
mailing list