Additional security considerations are required for DataDirect for ODBC drivers that use the Java-based SQL Engine to provide SQL support. The guidelines described in this section apply only to drivers that use the SQL engine server.

The following drivers use the SQL engine server:
  • Aha
  • Apache Cassandra
  • Autonomous REST Connector
  • GitHub
  • Google Analytics 4
  • Google BigQuery
  • HubSpot
  • Microsoft Dynamics 365
  • Microsoft SharePoint
  • MongoDB
  • Oracle Service Cloud
  • Salesforce
  • SAP S/4HANA
  • Snowflake
  • TeamCity

Configuration files

Drivers that use the SQL engine server have a set of configuration files that define how the objects or records in the data source map to the set of tables presented by the driver. These files have the extensions .config, .script, and .native. Since these files control the behavior of the driver, access to the files should be restricted.

On Windows systems, the files are created in the user’s AppData folder by default:
user_name\AppData\Local\Progress\DataDirect\driver_name_Schema

Access to the AppData folder is restricted to the currently logged-in user. Therefore, if the default location is used, the files are accessible only to the user under which the application using the driver is running.

On UNIX and Linux systems, the files are created in the user’s home folder by default:
~/progress/datadirect/driver_name_schema/

Depending on the configuration of your system, the user's home folder might not be restricted by default. Access to the configuration files in this folder should be restricted to only the user(s) that are using the driver.
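
An added example, not part of the Progress documentation: a POSIX shell check for the UNIX and Linux case above that lists schema folders and .config, .script, and .native files granting any access to group or other, plus a function that removes that access. The function names are hypothetical, and driver_name in the usage comment is the placeholder from the default path.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not part of the driver).

# List folders and mapping files (.config, .script, .native) under a schema
# folder that grant any permission to group or other.
# Returns 0 if none are found, 1 if any are found, 2 if the folder is missing.
audit_schema_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Folders matter too: write access to a folder lets a user replace files in it.
    findings=$(
        find "$dir" \
            \( -type d -o -type f \
               \( -name '*.config' -o -name '*.script' -o -name '*.native' \) \) \
            \( -perm -040 -o -perm -020 -o -perm -010 \
               -o -perm -004 -o -perm -002 -o -perm -001 \) -print
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Remove all group and other access below the schema folder; owner bits are kept.
restrict_schema_dir() {
    chmod -R go-rwx "$1"
}

# Typical use with the default location named above (driver_name is a placeholder):
#   audit_schema_dir "$HOME/progress/datadirect/driver_name_schema" ||
#       restrict_schema_dir "$HOME/progress/datadirect/driver_name_schema"
```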

Data temporarily buffered to disk

Like all DataDirect for ODBC drivers, the drivers described in this section buffer data to disk temporarily. This behavior is similar to the one generally described in "Protect data Buffered to Disk", except that the location to which the data is buffered might be different. This difference is because the drivers described in this section call out to a Java component. As a result, the temporary data is written to the location pointed to by the Java system property java.io.tmpdir. Note that the value of java.io.tmpdir may not be the same as the system temporary directory. Best security practices dictate that you should verify that access to the folder pointed to by java.io.tmpdir is restricted.

SQL Engine Mode

The drivers described in this section have the option to run the driver SQL engine in the same process the driver is running in or in a separate server process (Server Mode). If you run the SQL engine in a separate process, the driver communicates with the server process via a TCP/IP connection. The TCP/IP connection is not encrypted or authenticated; therefore, it is more secure to run the server process on the same machine on which the application using the driver is running.

The behavior of the SQL engine is controlled by the SQL Engine Mode (SQLEngineMode) connection option. Refer to the user's guide for your driver for more information.