DCO PostgreSQL Database Communications - Security & SSL

DCIM_Support · ‎2020-07-04

DCO has PostgreSQL communication between the active and DR node on port 5432. Same port for opening DCO ETL Database for other servers to access which is unencrypted.

Can you advise how do we secure this?

Can we encrypt this via native database SSL in the DCO setup?

DCIM_Support · ‎2020-07-04

Hi Lai Yuan,

I have registered an enhancement case for this, so the possible improvements can be developed and added into a future DCO release. Thanks

Kind regards

--

Hi Lai Yuan (Lai Yuan Jiun)

Further investigation of this case: it turns out that the secure communication is supported already.

Database communication between "master" and DR node is secure (over SSL).

External access to ETL internal databases allow for both insecure access and secure access (over SSL) - both require username/password authentication. If you use psql command to access the internal ETL database you can e.g. use a connection string like:

psql "sslmode=require host= dbname= user=" --password

The psql command will then prompt for the ETL user's password.

If you are using JDBC access with a driver compiled with SSL support, you can use the connection string:

jdbc:postgresql://:5432/?sslmode=require

Connection would then be secure.

Kind regards

--

updated

DCIM_Support · ‎2020-07-04

Thanks Jef, we have testing it and it works.

DCIM_Support · ‎2020-07-04

Hi Lai Yuan,

You are welcome & many thanks for the feedback.

Kind regards

DCIM_Support · ‎2020-07-04

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.