Datenbank/Kryptografie: Unterschied zwischen den Versionen

Aus Foxwiki
Die Seite wurde neu angelegt: „== Databases == === MySQL === ==== Tested with Versions ==== * MySQL 5.5 on Debian Wheezy * MySQL 5.7.20 on Ubuntu 16.04.3 ==== Settings ==== ==== References ==== MySQL Documentation on [https://dev.mysql.com/doc/refman/5.7/en/using-encrypted-connections.html Configuring MySQL to Use Encrypted Connections]. ==== How to test ==== After restarting the server run the following query to see if the ssl settings are correct: show variables like '%ssl%'; =…“
 
Keine Bearbeitungszusammenfassung
 
(12 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 1: Zeile 1:
== Databases ==
=== MySQL ===
=== MySQL ===
==== Tested with Versions ====
==== Tested with Versions ====
* MySQL 5.5 on Debian Wheezy
* MySQL 5.5 on Debian Wheezy
Zeile 8: Zeile 5:


==== Settings ====
==== Settings ====
==== References ====
==== References ====
MySQL Documentation on [https://dev.mysql.com/doc/refman/5.7/en/using-encrypted-connections.html Configuring MySQL to Use Encrypted Connections].
MySQL Documentation on [https://dev.mysql.com/doc/refman/5.7/en/using-encrypted-connections.html Configuring MySQL to Use Encrypted Connections].
Zeile 15: Zeile 11:
After restarting the server run the following query to see if the ssl settings are correct:
After restarting the server run the following query to see if the ssl settings are correct:
show variables like '%ssl%';
show variables like '%ssl%';
=== DB2 ===
==== Tested with Version ====
We do not test this here, since we only reference other papers for DB2 so far.
==== Settings ====
===== ssl_cipherspecs: =====
In the link above the whole SSL-configuration is described in-depth. The following command shows only how to set the recommended ciphersuites.
; Recommended and supported ciphersuites
db2 update dbm cfg using SSL_CIPHERSPECS
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
==== References ====
IBM DB2 Documentation on ''Supported cipher suites''.[https://www.ibm.com/support/knowledgecenter/SSEPGG_9.7.0/com.ibm.db2.luw.admin.sec.doc/doc/c0053544.html https://www.ibm.com/support/knowledgecenter/SSEPGG_9.7.0/com.ibm.db2.luw.admin.sec.doc/doc/c0053544.html]


=== PostgreSQL ===
=== PostgreSQL ===
==== Tested with Versions ====
==== Tested with Versions ====
* Debian Wheezy and PostgreSQL 9.1
* Debian Wheezy and PostgreSQL 9.1
Zeile 57: Zeile 18:


==== Settings ====
==== Settings ====
To start in SSL mode the <tt>server.crt</tt> and <tt>server.key</tt> must exist in the servers data directory <tt>$PGDATA</tt>.
; To start in SSL mode the <tt>server.crt</tt> and <tt>server.key</tt> must exist in the servers data directory <tt>$PGDATA</tt>.
 
* Starting with version 9.2, you have the possibility to set the path manually
{| class="wikitable sortable options" style="border-spacing:0;width:13.102cm;"
|-
||
|| Starting with version 9.2, you have the possibility to set the path manually.
|-
|}


==== References ====
==== References ====
It’s recommended to read [https://www.postgresql.org/docs/9.1/runtime-config-connection.html#RUNTIME-CONFIG-CONNECTION-SECURITY Security and Authentication] in the manual.
It’s recommended to read [https://www.postgresql.org/docs/9.1/runtime-config-connection.html#RUNTIME-CONFIG-CONNECTION-SECURITY Security and Authentication] in the manual.
PostgreSQL Documentation on [https://www.postgresql.org/docs/9.1/ssl-tcp.html Secure TCP/IP Connections with SSL].
* PostgreSQL Documentation on [https://www.postgresql.org/docs/9.1/ssl-tcp.html Secure TCP/IP Connections with SSL].
PostgreSQL Documentation on [https://www.postgresql.org/docs/9.1/auth-pg-hba-conf.html Client Authentication].
* PostgreSQL Documentation on [https://www.postgresql.org/docs/9.1/auth-pg-hba-conf.html Client Authentication].


==== How to test ====
==== How to test ====
To test your ssl settings, run <tt>psql</tt> with the sslmode parameter:
To test your ssl settings, run <tt>psql</tt> with the sslmode parameter:
$ psql "sslmode=require host=postgres-server dbname=database" your-username
$ psql "sslmode=require host=postgres-server dbname=database" your-username
 
<noinclude>
=== Anhang ===
==== Siehe auch ====
{{Special:PrefixIndex/Datenbank}}
===== Sicherheit =====
===== Dokumentation =====
===== Links =====
====== Projekt ======
====== Weblinks ======
# https://bettercrypto.org/
 
[[Kategorie:Kryptografie/Best Practice]]
[[Kategorie:Datenbank/Sicherheit]]
 
</noinclude>

Aktuelle Version vom 31. März 2024, 13:55 Uhr

MySQL

Tested with Versions

  • MySQL 5.5 on Debian Wheezy
  • MySQL 5.7.20 on Ubuntu 16.04.3

Settings

References

MySQL Documentation on Configuring MySQL to Use Encrypted Connections.

How to test

After restarting the server run the following query to see if the ssl settings are correct: show variables like '%ssl%';

PostgreSQL

Tested with Versions

  • Debian Wheezy and PostgreSQL 9.1
  • Linux Mint 14 nadia / Ubuntu 12.10 quantal with PostgreSQL 9.1+136 and OpenSSL 1.0.1c

Settings

To start in SSL mode the server.crt and server.key must exist in the servers data directory $PGDATA.
  • Starting with version 9.2, you have the possibility to set the path manually

References

It’s recommended to read Security and Authentication in the manual.

How to test

To test your ssl settings, run psql with the sslmode parameter:

$ psql "sslmode=require host=postgres-server dbname=database" your-username


Anhang

Siehe auch

Sicherheit
Dokumentation
Links
Projekt
Weblinks
  1. https://bettercrypto.org/