IBM Informix Dynamic Server, Version 9.4 and later, enables encryption of data transmitted over a network using an encryption communication support module. IBM Informix JDBC Driver, Version 2.21.JC5 and later, makes this feature available to all JDBC clients by adding a communication support module (CSM) to the JDBC driver.
IBM Informix JDBC encryption module is com.informix.jdbc.Crypto class that is packaged in the IBM Informix JDBC .jar file. IBM Informix JDBC encryption CSM is a pure Java implementation that uses services from the Java Cryptography provider. For information about the Java Cryptography provider, see the Sun Microsystems web site.
To configure network encryption, set the CSM environment variable. The following illustrates the syntax of the CSM environment variable and encryption options:
CSM Environment Variable Syntax >>-CSM=("CLASSNAME=com.informix.jdbc.Crypto"-+-----------------------------+-)->< '-,--+-option tags----------+-' '-config=parameterfile-'
| Element | Description |
|---|---|
| option tags | Specify the syntax of encryption tags. For more information, see Using Option Tags. |
| config=parameterfile | Specify encryption options in a file. For more information, see Using Option Parameters. |
IBM Informix JDBC encryption CSM has been tested with the Sun Java Cryptography provider.
The option tags that can be passed on to the encryption CSM are the same as the encryption option tags that are specified in the CSM configuration file used by the server or CSDK. There are three option tags: cipher, mac, and switch.
For the syntax of these tags, see the Security chapter of the IBM Informix: Administrator's Guide.
Note that encryption CSM option parameters are separated by a comma and not by a semicolon. When using a DataSource, getIfxCSM() and setIfxCSM() methods can be used to get and set CSM as a property. When setting CSM as a property, make sure that you do not enclose the option string in parentheses. The following is an example that correctly sets the CSM as a property:
connProperties.put("CSM","classname=com.informix.jdbc.Crypto,cipher[all],
mac[<builtin>]");
You can configure encryption by creating a file with encryption parameters and then specifying the filename. The encryption parameters are:
For the syntax of these parameters, see the Security chapter of the IBM Informix: Administrator's Guide.
The following is an example that specifies the CSM parameters in a configuration file:
String newUrl = "jdbc:informix-sqli:
//beacon:8779/test:INFORMIXSERVER=danon950_beacon_encrypt;
user=rdtest;password=test;
csm=(classname=com.informix.jdbc.Crypto,config=test.cfg)";
try
{
Class.forName( "com.informix.jdbc.IfxDriver" );
}catch( Exception e )
{
System.out.println( "ERROR: failed to load
Informix JDBC driver." );
}
try
{
Connection con = DriverManager.getConnection( newUrl );
}
catch( SQLException e )
{
System.out.println( "ERROR: failed to connect." );
e.printStackTrace();
return;
}
To be able to connect to IBM Informix database servers on an encrypted port, the JDBC client must use JDBC encryption CSM. Also note that when using JDBC encryption CSM, attempts to connect to IBM Informix database servers on a non-encrypted port will fail. An instance of IBM Informix Database server may be configured to listen in on encrypted and non-encrypted ports at the same time. For details regarding configuring Dynamic Server to use encryption CSM, see IBM Informix: Dynamic Server Administrator's Guide.
Home | [ Top of Page | Previous Page | Next Page | Contents | Index ]