frevvo Latest - This documentation is for frevvo v10.1. Not for you? Earlier documentation is available too.
When accessing your database from an externally hosted SaaS frevvo Server, follow these steps to ensure your data is secure. You may also wish to consider one or all of these step even when using the frevvo in-house version if you feel your intranet is not secure.
Using the frevvo Database Connector's security mechanism, combined with only accepting SSL connections to the database connector from the web application container, will prevent unauthorized access to your database queries. The steps below describe how to secure your data.
On this page:
The database connector does not have any specific configuration to handle SSL. Since it runs inside the Servlet container, it is typically the responsibility of the container to handle this layer of security. In any case, here is what we have done for customers that needed SSL and were using Tomcat:
SSL (Secure Socket Layer), is a technology which allows web clients and web servers to communicate over a secured connection. This means the data being sent is encrypted by one side, transmitted, and then decrypted by the other side before processing. This is a two-way process, meaning that both the server AND the client encrypt all traffic before sending out data.” The basic steps:
Edit <connectorInstallationDirectory\config\dbconnector.properties to add the SSL to the keystore. Example:
The queryKey attribute enables a password authentication mechanism that limits query execution to only those who know the queryKey password string. Every HTTP request that is sent to the database connector to execute that query must contain the key. The connector will deny all requests that do not contain the key.
For example, given the configuration below:
A valid request would be:
The frevvo Database Connector automatically protects your data from Injection Attacks. No configuration is required for this security measure.
While you cannot encrypt the database password in the <frevvo-home>\tomcat\conf\dbconnector.properties file, you can provide added security using one of the following methods: