ODBC security?


DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

Results 1 to 4 of 4

Thread: ODBC security?

  1. #1
    Sanjay Guest

    ODBC security?


    Hello,
    Is there a way to secure an odbc connection from one box to another.
    Explanation:

    Box A has an ODBC datasource that points to Box B's IP address.
    Box B runs MS SQL Server 2000

    I am assuming I can't use SSL, since ODBC is running at the same layer?

    Thank you for your help,

    Sanjay
    please cc me at
    svp011467@yahoo.com

  2. #2
    Nikolay Stanchenko Guest

    Re: ODBC security?


    Hello!

    ODBC is only interface for single database access to different Database
    Servers. Security is part of communication between server and database
    client. And ODBC layer uses client API.

    For ex. ODBC->Net8 ----- Oracle Server.

    If you want to secure communications you can use build-in security
    components of database server. Also you can use software like as stunnel
    to organize SSL encryption channel between client and server. In that case
    you can use digital certificates to identify client and server.

    Also there is way to develope special security ODBC-proxy that retransmits
    ODBC request to special application server and then from this server uses
    standard ODBC calls - but it's no easy way.


    Nikolay Stanchenko
    Brainbench MVP for Internet Security



  3. #3
    Ravindra Guest

    Re: ODBC security?


    How to encrypt data at the ODBC layer, like say userID and password?

    "Nikolay Stanchenko" <sheldy@cea.ru> wrote:
    >
    >Hello!
    >
    >ODBC is only interface for single database access to different Database


    >Servers. Security is part of communication between server and database
    >client. And ODBC layer uses client API.
    >
    >For ex. ODBC->Net8 ----- Oracle Server.
    >
    >If you want to secure communications you can use build-in security
    >components of database server. Also you can use software like as stunnel
    >to organize SSL encryption channel between client and server. In that case
    >you can use digital certificates to identify client and server.
    >
    >Also there is way to develope special security ODBC-proxy that retransmits
    >ODBC request to special application server and then from this server uses
    >standard ODBC calls - but it's no easy way.
    >
    >
    >Nikolay Stanchenko
    >Brainbench MVP for Internet Security
    >
    >



  4. #4
    ObiWan Guest

    Re: ODBC security?


    > Box A has an ODBC datasource that points to Box B's IP address.
    > Box B runs MS SQL Server 2000


    In the case of MS SQL server (and other DB which use
    standard TCP ports to communicate) you'll need some
    kind of "tunnelling" program which will take care of
    encrtypting the communications between the client
    and the server; the idea is the following:

    install a "tunnel client" on the local machine

    install a "tunnel server" on the SQL machine

    configure the tunnel client to talk to the server
    and the server to map port 1433 on server side
    so that the tunnel will end up to the SQL server

    configure the ODBC DSN on the client to point
    to the LOCAL machine where the tunnel client
    is listening (e.g. 127.0.0.1:1433)

    now, whenever you start an ODBC connection
    the "tunnel client" will encrypt your request and
    pass it up to the server which will then decrypt
    it and send it to the SQL server; same thing for
    the data being returned - final result *every*
    communication between the ODBC client and the
    SQL Server will be completely encrypted !

    A good (open source) program to accomplish
    this task is ZeBeDee; the home page is:

    http://www.winton.org.uk/zebedee/

    just to clear up things:

    ODBC driver
    pointing to
    127.0.0.1
    port 1433
    |
    ZeBeDee client
    listening on 1433
    and talking to
    remote ZeBeDee
    |
    |
    | encrypted tunnel
    | (could be internet)
    |
    |
    ZeBeDee server
    mapping to 1433
    on local SQLSRV
    |
    SQL server

    I hope it's clear; in any case you can find more
    informations reading the ZeBeDee documents

    Regards




Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center
 
 
FAQ
Latest Articles
Java
.NET
XML
Database
Enterprise
Questions? Contact us.
C++
Web Development
Wireless
Latest Tips
Open Source


   Development Centers

   -- Android Development Center
   -- Cloud Development Project Center
   -- HTML5 Development Center
   -- Windows Mobile Development Center