Encrypted JDBC connection

Question

I do a lot of work on databases over the internet. My company is instituting a policy of not sending any non-encrypted information (including vanilla JDBC). I currently connect to MS SQL Server and IBM DB2 databases (both LUW and AS/400). Is there an easy way to encrypt/decrypt these connections?

Edit: Found an interesting and relatively simple SSH tunnelling article that may be of some help. http://www.ibm.com/developerworks/data/library/techarticle/dm-0312lurie/index.html

Answer 1

I would use SSH Tunneling with Public Key Authentication or VPN Network. That way you can define encryption apart from your Application / Database and it add an additional layer of Authentication.

Then make sure MySQL is only listening (or allow connections only) on localhost or the VPN Interface.

Your JDBC Connection Url then simply connects to localhost:[TUNNEL_PORT]

You dont need an extra overhead of configuring JDBC or MySQL for encryption.

Answer 2

Docs:

For DB2: Properties for the IBM DB2 Driver for JDBC and SQLJ (look at the property sslConnection)
For MSSQL: Using SSL Encryption

Answer 3

Maybe JDBC over SSL, if your databases support SSL and your JDBC drivers too. A fast googling shows that Microsoft SQL Server JDBC Driver 1.2 has support for SSL encryption and that the IBM DB2 JDBC Driver 9.1 includes SSL support to database servers that also have SSL support.

Some links :

• SQL Server 2005 JDBC driver v1.2 Aug CTP is LIVE (2007-09-04)
• SSL in Microsoft SQL Server JDBC 1.2 driver (2008-02-04)
• What's new for V9.1: JDBC and SQLJ enhancements (2008-10-01)

Answer 4

Don't know about those databases, but oracle can be set to encrypt connection data that it sends out (& I think that it receives). The standard oracle jdbc jar copes with the encrypted data without any client configuration or programming changes.

Also - if you're using VPN to connect to your databases over the internet then this will be encrypted anyway won't it?