The driver supports TLS/SSL encryption for Denodo.

Note: Connection hangs can occur when the driver is configured for TLS/SSL and the database server does not support TLS/SSL. You may want to set a login timeout using the LoginTimeout property to avoid problems when connecting to a server that does not support TLS/SSL.

To configure TLS/SSL encryption:

  • Set the ServerName property to the name or the IP address of the Denodo server to which you want to connect. For example, myserver.
  • Set the PortNumber property to specify the port number of the server listener. The default is 9996.
  • Set the DatabaseName property to the name of the database to which you want to connect.
  • Set the User property to specify the user name that is used to connect to the server.
  • Set the Password property to specify the password.
  • Set the EncryptionMethod property to SSL.
  • Specify the location and password of the truststore file used for SSL server authentication. Either set the TrustStore and TrustStorePassword properties or their corresponding Java system properties (javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword, respectively).
  • (Optional) Set the CryptoProtocolVersion property to specify acceptable cryptographic protocol versions (for example, TLSv1.2) supported by your server.
  • (Optional) To validate certificates sent by the database server, set the ValidateServerCertificate property to true.
  • (Optional) Set the HostNameInCertificate property to a host name to be used to validate the certificate. The HostNameInCertificate property provides additional security against man-in-the-middle (MITM) attacks by ensuring that the server the driver is connecting to is the server that was requested.
  • (Optional) If your database server is configured for SSL client authentication, configure your keystore information:
    • Specify the location and password of the keystore file. Either set the KeyStore and KeyStorePassword properties or their corresponding Java system properties (javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword, respectively).
    • If any key entry in the keystore file is password-protected, set the KeyPassword property to the key password.
Note: The User and Password properties are not required to be stored in the connection string. They can also be passed separately by the application.

The following examples demonstrate the required properties for a session using TLS/SSL encryption with user ID/password authentication.

For a connection URL:

Connection conn = DriverManager.getConnection
 ("jdbc:datadirect:denodo://myserver:9996;DatabaseName=mydb;"
  + "User=jsmith;Password=secret;EncryptionMethod=SSL;"
  + "TrustStore=TrustStoreFile;TrustStorePassword=XYZ;");

For a data source:

DenodoDataSource mds = new DenodoDataSource();
mds.setDescription("My Denodo Data Source");
mds.setServerName("myserver");
mds.setPortNumber("9996");
mds.setDatabaseName("mydb");
mds.setUser("jsmith");
mds.setPassword("secret");
mds.setEncryptionMethod("SSL");
mds.setTrustStore("TrustStoreFile");
mds.setTrustStorePassword("XYZ");
Note: Setting the password using a data source is generally not recommended. The data source persists all properties, including the Password property, in clear text.
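
The following is an added example, not part of the driver documentation or the vendor's code: a stand-alone check that parses a connection URL and reports which of the optional hardening properties listed above are missing. The class and method names, the sample URLs, the LoginTimeout value, and the case-insensitive matching of property names are assumptions.

```java
import java.util.*;

// Added example: audits a DataDirect Denodo JDBC URL for the TLS/SSL settings
// described on this page. Class and method names are hypothetical.
public class DenodoTlsUrlAudit {

    // Split "jdbc:datadirect:denodo://host:port;Key=Value;..." into properties.
    // Assumption: names are matched case-insensitively and values contain no ';'.
    static Map<String, String> parse(String url) {
        Map<String, String> props = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        String[] parts = url.split(";");
        for (int i = 1; i < parts.length; i++) {   // parts[0] is the host:port prefix
            int eq = parts[i].indexOf('=');
            if (eq > 0) {
                props.put(parts[i].substring(0, eq).trim(), parts[i].substring(eq + 1).trim());
            }
        }
        return props;
    }

    static List<String> audit(String url) {
        Map<String, String> p = parse(url);
        List<String> findings = new ArrayList<>();
        if (!"SSL".equalsIgnoreCase(p.get("EncryptionMethod")))
            findings.add("EncryptionMethod is not SSL: session is not encrypted");
        if (!"true".equalsIgnoreCase(p.get("ValidateServerCertificate")))
            findings.add("ValidateServerCertificate is not explicitly true");
        if (!p.containsKey("HostNameInCertificate"))
            findings.add("HostNameInCertificate is not set: no host name check against MITM");
        if (!p.containsKey("LoginTimeout"))
            findings.add("LoginTimeout is not set: connection can hang if the server lacks TLS/SSL");
        if (p.containsKey("Password"))
            findings.add("Password is embedded in the URL: pass it separately from the application");
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample URLs; host, database, file names and timeout are placeholders.
        String minimal = "jdbc:datadirect:denodo://myserver:9996;DatabaseName=mydb;"
            + "User=jsmith;Password=secret;EncryptionMethod=SSL;"
            + "TrustStore=TrustStoreFile;TrustStorePassword=XYZ;";
        String hardened = "jdbc:datadirect:denodo://myserver:9996;DatabaseName=mydb;"
            + "EncryptionMethod=SSL;TrustStore=TrustStoreFile;TrustStorePassword=XYZ;"
            + "ValidateServerCertificate=true;HostNameInCertificate=myserver;LoginTimeout=30;";
        audit(minimal).forEach(f -> System.out.println("minimal:  " + f));
        System.out.println("hardened findings: " + audit(hardened).size());
    }
}
```

The check needs no driver on the classpath, so it can run in a build or configuration review step before any connection is attempted.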