Does Cloudant support TLS1.2 connections? - cloudant

I'm looking to make TLSv1.2 connections to Cloudant server. From the cloudant java client can we make TLSv1.2 connections?

Provided your JVM supports making such connections, it can make TLSv1.2 connections to Cloudant.
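The condition in the answer can be checked from inside the JVM. The following is an added example, not code from the original thread or from the Cloudant client: it uses only standard JSSE classes to test whether the JVM supports TLSv1.2 and to build a socket factory that enables nothing but TLSv1.2. The class name `Tls12Check` and its helper names are hypothetical, and how the factory is handed to the client is not covered on this page.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
// Added example (hypothetical names): JVM TLSv1.2 support check plus a TLSv1.2-only socket factory.
public class Tls12Check {
    static final String PROTOCOL = "TLSv1.2";
    /** True if this JVM's default JSSE provider can negotiate TLSv1.2 at all. */
    static boolean jvmSupportsTls12() throws Exception {
        try {
            SSLContext ctx = SSLContext.getInstance(PROTOCOL);
            ctx.init(null, null, null); // default key managers, trust managers and RNG
            return Arrays.asList(ctx.getSupportedSSLParameters().getProtocols()).contains(PROTOCOL);
        } catch (NoSuchAlgorithmException e) {
            return false; // the provider does not know the protocol name
        }
    }
    /** Wraps a factory so every socket it creates has TLSv1.2 as its only enabled protocol. */
    static SSLSocketFactory tls12Only(final SSLSocketFactory delegate) {
        return new SSLSocketFactory() {
            private Socket pin(Socket s) {
                if (s instanceof SSLSocket) ((SSLSocket) s).setEnabledProtocols(new String[] {PROTOCOL});
                return s;
            }
            @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
            @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
            @Override public Socket createSocket() throws IOException { return pin(delegate.createSocket()); }
            @Override public Socket createSocket(Socket s, String h, int p, boolean c) throws IOException { return pin(delegate.createSocket(s, h, p, c)); }
            @Override public Socket createSocket(String h, int p) throws IOException { return pin(delegate.createSocket(h, p)); }
            @Override public Socket createSocket(String h, int p, InetAddress l, int lp) throws IOException { return pin(delegate.createSocket(h, p, l, lp)); }
            @Override public Socket createSocket(InetAddress h, int p) throws IOException { return pin(delegate.createSocket(h, p)); }
            @Override public Socket createSocket(InetAddress h, int p, InetAddress l, int lp) throws IOException { return pin(delegate.createSocket(h, p, l, lp)); }
        };
    }
    public static void main(String[] args) throws Exception {
        System.out.println("JVM supports " + PROTOCOL + ": " + jvmSupportsTls12());
        SSLContext ctx = SSLContext.getInstance(PROTOCOL);
        ctx.init(null, null, null);
        // Unconnected socket: no network traffic, it only shows what the pinned factory will offer.
        try (SSLSocket s = (SSLSocket) tls12Only(ctx.getSocketFactory()).createSocket()) {
            System.out.println("Pinned factory offers: " + Arrays.toString(s.getEnabledProtocols()));
        }
    }
}
```

Java 7 is the usual case where the second half matters: it supports TLSv1.2 but does not enable it for client sockets by default, so support alone does not guarantee the protocol is offered.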

Related

How do I configure SSL on mongoDB server?

I have set up my own MongoDB, hosted on an external server, and enabled authorization.
I can now connect to my DB using mongo Compass while MongoDB is:
bindIp : 0.0.0.0
But not anything else.
Then I found this thread on the mongoDB community forum:
here
Stating that there’s a misconception about bindIp: it does not listen for the remote IP that wants to connect, but only listens on the local network. In order to connect to my MongoDB from a remote IP while not opening all my ports to the public (0.0.0.0), I need to set up an SSL connection.
Now here’s the problem. How do I set up an SSL connection? I took the class M301 and know about X.509 but still have no clue how to connect via SSL.
I would like to connect through something like with the connection string of:
mongod://:#XXX.XX.XX.XXX:XXXXX/?ssl=true <<<<
If X.509 is the method, how do I work with a PEM key? How do I sign one? How do I use a client key in mongo Compass?
If you have a certificate, MongoDB documentation provides guides for setting up TLS on the server. How to create the certificate is usually not covered; typically you would either work for a company whose IT department would take care of this for you, or you would use a service such as MongoDB Atlas which would handle TLS termination.
For learning purposes you can use self-signed certificates and there is probably a university course for setting up TLS.

SSO handshake with Active directory

I've done a small TCP/IP server which acts quite like an ftp server.
On the client side, I'm using an API to connect and to exchange data against the server.
This server will be in an Active Directory ecosystem, and so will the client.
What kind of API should I use to implement SSO/AD authentication on my server?
(Everything is written in C)
I've seen that SQL Server is doing this through the Trusted connection term. Perhaps a simpler way to do things?
Should I go for an SSPI exchange loop?
Yes, you need to init a security context from the client and accept that context from the server, and loop until the security context has been established. If you are concerned about your privacy, you can encrypt the entire traffic with Kerberos.

Google federation and server to server encryption

I am trying to set up an XMPP server, such that users of my service can communicate with XMPP users of other services.  I have two requirements
1) Users of other services must still be able to use whatever client and chat service they are currently using, such as the gmail web client, to talk to my clients.
2) The communication must be encrypted when sent between client and server and server and server. (The latter is more difficult)
I set up an XMPP server and federated with gmail, and found that the server to server communications were not encrypted. I next federated my XMPP server with jabber.org, and the connection from my server to jabber.org was encrypted, giving me confidence that my server configuration was correct. Is there any way to encrypt the communication between my XMPP server and Google's? Are there any XMPP servers that support TLS with Google? Presuming this is not currently supported by Google, are there plans to add TLS on server to server communications in the future? When is it expected?
In lieu of encrypted server to server communications, are there other possibilities (given the above requirements)?   Would a Google app engine application have encrypted communication between the gmail server and my Google app engine app and also satisfy the first requirement?
For the server to server communication, you can use AES to encrypt all the communication, and for the password, you can send it with RSA. If you are using Python you can use pycrypto, although to test it in the development server you have to install that library.
About the client and server communication, I'm not sure if you can use the same encryption.

ssl or is there any other way?

I am trying to secure online transactions between an application server and a database. One way is SSL, but is there any other way of securing transactions between them? I am trying to reduce the overhead in securing the line. Are there any tools or APIs which I can integrate with the application server or deploy on it?
/SR
Sure, but it requires a thoughtful review of your architecture. If you have a dedicated line between your application and your database, the connection could be encrypted at the network layer.
I'm a bit surprised that your application server and your database are not within the same trust boundary. Is this an app in the cloud?
SSL is by far the best way; it's extremely secure and absolutely free. If your database or another application doesn't support SSL then you can use a free SSL VPN such as OpenVPN. This will create a secure transport layer connection between 2 machines.
If you are connecting to a database on the local machine then there is no point in a secure transport layer connection. However, you should firewall off the database port; for instance, MySQL uses tcp 3306.

secure data transport between web server and database server

I'm planning on provisioning a web server and database server in a server farm environment. They will be in the same network but not in the same domain, both Windows Server 2008, and the database server is SQL Server 2008. My question is, what is the best way to secure data in transport between the servers? I've looked into IPSEC and SSL but am not sure how to go about implementing either.
As you mentioned, IPSEC is your best bet for SQL traffic (port 1433), and SSL for web traffic (port 443).
IPSEC can be enabled through Group Policy in Active Directory.
My knowledge of IPSEC is limited but I believe that the encrypted traffic is put into a tunnel, which then travels through a different port.
When IPSEC is then turned on, traffic over port 1433 can then be blocked either through an ACL or a Firewall, thus ensuring your SQL traffic is completely secure.
If you have the ability to configure Group Policy yourself you may find this link useful.
http://www.petri.co.il/configuring_ipsec_policies_through_gpo.htm
