DataDirect for ODBC drivers use connection options to configure driver behavior and connection settings. Although applications often require end users to provide information that is used to configure these options and establish a connection, it is important to control which options are configurable by the end user, validate the values provided, and restrict access to only approved users. Failure to do so can potentially expose security vulnerabilities and introduce behavior that the application has not been tested against.

The following section describes some steps you can take to protect your connection option values, as well as a list of common connection options to which you should restrict access.

Secure the connection string

If your application allows end users to configure the ODBC connection, it is important to secure that configuration. The settings of connection options can impact the security of a solution using an ODBC driver. It is important to have protections in place that restrict which connection options a user can set and that validate the values supplied.

Connection option whitelists

There are a couple of ways that your application can restrict the connection options specified by the user. One method is to provide an interface that exposes only options that you trust the user to configure, such as a dialog with a set of fields. The other approach is to allow the user to supply a complete connection string that the application validates against a whitelist.

If your application allows users to provide a connection string, you should limit which connection options they can set by employing a whitelist within the ODBC application. The list of supported connection options for a driver should be reviewed to assemble the whitelist. For a list of supported connection options, refer to the "Connection option descriptions" section in the user's guide for your driver.

Deployment-specific validation of connection option values

After creating and implementing a whitelist of connection options that can be set by the user, you should consider additional validation of the values for those options. For instance, the connection option TrustStore accepts a file path; therefore, you may need to add validation to ensure the specified path aligns with the expectations appropriate for your application and deployment.

Validate connection option values to prevent injection

Connection option values need to be validated to prevent the user from specifying additional connection options. For instance, an application that performs no validation may accept the following value for the HostName option:

192.168.1.123;encryptionMethod=0 

In this case, in addition to specifying the host, the user also set the connection option to disable encryption. Note that ODBC connection string builders are available in some languages and often protect against such attacks. The complete syntax of the connection string can be found under the SQLDriverConnect function description in the ODBC API.
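The following added example (not part of the driver documentation) combines the whitelist, the deployment-specific TrustStore check, and the injection check described above into one validation step. The whitelist contents, the truststore directory, and the function names are assumptions chosen for illustration; build the real whitelist from your driver's list of supported options.

```python
import os
import re

# Assumed deployment policy (hypothetical values, not from the driver docs)
TRUSTSTORE_DIR = "/etc/myapp/truststores"
FORBIDDEN = re.compile(r"[;{}=\x00-\x1f]")  # separators, braces, control chars

def _host(v):
    return re.fullmatch(r"[A-Za-z0-9.-]{1,253}", v) is not None

def _port(v):
    return v.isdigit() and 1 <= int(v) <= 65535

def _truststore(v):
    # Resolve symlinks and ".." before checking the path stays in the approved directory
    base = os.path.realpath(TRUSTSTORE_DIR)
    path = os.path.realpath(v)
    return os.path.commonpath([base, path]) == base and path != base

# Whitelist: lower-cased option name -> (canonical name, value validator)
WHITELIST = {
    "hostname": ("HostName", _host),
    "portnumber": ("PortNumber", _port),
    "truststore": ("TrustStore", _truststore),
}

def validate_user_options(user_string):
    """Parse a user-supplied 'Name=value;...' string; raise ValueError on any violation."""
    accepted = {}
    for segment in filter(None, (s.strip() for s in user_string.split(";"))):
        name, sep, value = segment.partition("=")
        key = name.strip().lower()
        if not sep or key not in WHITELIST:
            raise ValueError(f"option not permitted: {name.strip()!r}")
        canonical, is_valid = WHITELIST[key]
        value = value.strip()
        if canonical in accepted:
            raise ValueError(f"duplicate option: {canonical}")
        if FORBIDDEN.search(value) or not is_valid(value):
            raise ValueError(f"invalid value for {canonical}")
        accepted[canonical] = value
    return accepted

def build_connection_string(user_string, app_options):
    """Merge validated user options with application options; application values win."""
    merged = {**validate_user_options(user_string), **app_options}
    return ";".join(f"{k}={v}" for k, v in merged.items())
```

The same function covers both input styles: a complete user-supplied string is parsed directly, and a single dialog field can be checked by passing `"HostName=" + field_value`, which rejects the `192.168.1.123;encryptionMethod=0` value because the smuggled option is not on the whitelist.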

Connection options that require restricted access

The lists in this section document common connection options that we recommend that you restrict end users from configuring. Note that this is not an exhaustive list of options for which you should restrict user access. Depending on how your application uses functionality controlled by other supported options, you may want to prevent the user from configuring some or all of those options as well. Additionally, each driver may have driver-specific options that can affect driver behavior and, therefore, impact your application. Application developers should review all the options supported by a driver to determine which options should be restricted.

For a complete list of supported connection options, refer to the "Connection option descriptions" section of the user's guide for your driver.

Connection options that affect driver libraries

The drivers support multiple options that allow users to specify alternate implementations of libraries used by the driver. An end user who is allowed to provide values for these options could configure the driver to use an implementation of a library that your application was not tested against. The options that allow alternate library implementations are:
  • CryptoLibName
  • GSS Client Library (GSSClient)
  • OpenSSL Config File (OpenSSLConfigFile)
  • OpenSSL Config Path (OpenSSLConfigPath)
  • SSLLibName

Connection options that affect driver behavior

Certain supported options can change the behavior of the driver and, therefore, impact the performance of your application. For example, there are options that change what columns are returned in metadata calls (CatalogOptions) or change the thread behavior of the driver (ApplicationUsingThreads). Changing the values of these options to something other than what the application was tested with or is expecting could cause errors in the application. The following are common options that change the driver behavior:
  • Application Using Threads (ApplicationUsingThreads)
  • Catalog Options (CatalogOptions)
  • Connection Reset (ConnectionReset)
  • Enable Describe Param (EnableDescribeParam)
  • Enable FIPS (EnableFIPS)
  • Enable Scrollable Cursors (EnableScrollableCursors)
  • Enable Static Cursors For Long Data (EnableStaticCursorsForLongData)
  • Initialization String (InitializationString)
  • PRNGSeedFile
  • PRNGSeedSource