Subject | Re: [Firebird-Java] Type 4 Driver Security |
---|---|
Author | Marcelo Lopez Ruiz |
Post date | 2002-04-18T13:16:10Z |

To encrypt communication between two arbitrary services, the OpenSSH
package can be used. There are versions for Linux and Windows, and they
work OK.

It basically works like this.

1. The client connects to a local port, opened by OpenSSH, and transmits
clear text.
2. OpenSSH will forward the connection to an OpenSSH port running on the
server, and establish an encrypted session.
3. The remote OpenSSH will connect through a local connection to the
server, transmitting clear text.

As you can see, both client and servers work with clear text. No changes
are required to either. The information that goes through the network,
however, is encrypted.

Other than modifying the connection string, the clients require no
changes. There is, however, the administrative burden of setting OpenSSH
up on clients and servers.

I posted something about this a while ago when asking the IB team to
support FB's syntax to specify a port. This enables you to test
everything in one computer - you cannot do because the server opens the
gds port, and the client needs to connect to another port to find the
local OpenSSH.

I have a half-baked tutorial on how to get this running. Is anyone
interested in this?

Regards,
Marcelo

David Jencks wrote:
> On 2002.04.17 11:23:22 -0400 Rick Fincher wrote:
> > Hi All,
> >
> > Does the type 4 JDBC driver encrypt?
> No
> >
> > I know that the Interclient JDBC driver does,
>
> Interesting. I don't know that, and really doubt it, especially between
> interserver and interbase. I certainly never saw any encryption code.
>
> > but I haven't seen that
> > mentioned in reference to the type 4 driver.
>
> Would require adding ssl support to the server. I suggest not running the
> driver on an insecure network.
>
> david jencks
> >
> > Thanks,
> >
> > Rick
> >
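
The forwarding setup described in the message above, as an added example that is not part of the original post: shell functions that build the `ssh` local port forward and the matching JDBC connection string, and reject the single-machine case where the local listener would collide with the server's gds port. Assumptions: 3050 is Firebird's default gds port, the URL uses the driver's `host/port:path` form, and local port 3051, the account, host names and database path are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Placeholders: 3051, host names,
# account and database path. 3050 is assumed as the server's gds port.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd LOCAL_PORT SSH_HOST [DB_PORT]
# Prints the ssh command covering steps 1-3: a loopback-only listener on the
# client, an encrypted session to the server, and a loopback connection from
# the remote sshd to the database.
tunnel_cmd() {
    lport=$1 host=$2 dport=${3:-3050}
    valid_port "$lport" && valid_port "$dport" || {
        echo "invalid port" >&2; return 2; }
    # Single-machine test: the server already owns the gds port, so the
    # local listener has to use a different one.
    case "$host" in
        localhost|*@localhost|127.0.0.1|*@127.0.0.1)
            [ "$lport" -ne "$dport" ] || {
                echo "local port collides with server port" >&2; return 3; } ;;
    esac
    # -N: no remote command. ExitOnForwardFailure: exit rather than run
    # without the forward. 127.0.0.1 bind: other hosts cannot use the tunnel.
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:localhost:%s %s\n' \
        "$lport" "$dport" "$host"
}

# jdbc_url LOCAL_PORT DB_PATH
# The only client-side change: point the driver at the local tunnel end.
jdbc_url() {
    valid_port "$1" || { echo "invalid port" >&2; return 2; }
    printf 'jdbc:firebirdsql:localhost/%s:%s\n' "$1" "$2"
}

# Run directly with three arguments to print both, e.g.:
#   sh tunnel.sh 3051 dbuser@db.example.org /data/employee.gdb
if [ "$#" -eq 3 ]; then
    tunnel_cmd "$1" "$2" && jdbc_url "$1" "$3"
fi
```

Only the hop between the two ssh endpoints is encrypted; the clear-text hops stay on each machine's loopback interface, which is why the listener is bound to 127.0.0.1 rather than all interfaces.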