Skip to main content
A
Anonymous
January 6, 2010
Answered

Coldfusion - Microsoft SQL Server Traffic Encryption

  • January 6, 2010
  • 4 replies
  • 2791 views

Hi,

     have someone tried/managed to encrypt traffic from coldfusion to SQL Server?

Please share if you don't mind

Thanks

This topic has been closed for replies.
Correct answer JR__Bob__Dobbs-qSBHQ2

I've not used the SSL features of JDBC but you might start in the documentation.

With bundled CF drivers
http://help.adobe.com/en_US/ColdFusion/9.0/Admin/WS70f0d54f063b9b08238ab6dc122b1a20785-8000.html

If you are using the Microsoft JDBC driver, not the one bundled with CF.
http://msdn.microsoft.com/en-us/library/bb879935%28SQL.90%29.aspx

You *may* need to import your SSL certificate so that it will be recognized
http://go.adobe.com/kb/ts_kb400977_en-us

4 replies

T
TLC-IT
Inspiring
January 15, 2010

If the computers are on different, distant, boxes ... use a pair of routers between them that supports VPN.  Use these routers to encrypt the traffic between the two boxes ... transparently to both of them.  (You can shovel just as many streams of traffic as you need to through such routers, and they will reliably provide the service of securing all those channels against eavesdropping ... transparent to the clients who are communicating.

Each of the routers knows one another's keys and should accept connections only from and to one another, checking each others' identity as VPN automatically provides.

A
Anonymous
January 19, 2010

Hi TLC-IT, have you deployed one like this? adding 2 more routers on the middle?

I wonder about the performance impact, it's an overkill for my configuration actually.

Thx for the post.

J
JR__Bob__Dobbs-qSBHQ2Correct answer
Inspiring
January 6, 2010

I've not used the SSL features of JDBC but you might start in the documentation.

With bundled CF drivers
http://help.adobe.com/en_US/ColdFusion/9.0/Admin/WS70f0d54f063b9b08238ab6dc122b1a20785-8000.html

If you are using the Microsoft JDBC driver, not the one bundled with CF.
http://msdn.microsoft.com/en-us/library/bb879935%28SQL.90%29.aspx

You *may* need to import your SSL certificate so that it will be recognized
http://go.adobe.com/kb/ts_kb400977_en-us

A
Anonymous
January 7, 2010

Yes, what I need is to secure from database driver to SQL Server.

I just didn't notice where to configure SSL on CFIDE Datasource setting.

There are a bunch of connection properties to put there,

Thanks everyone.

A
Adam Cameron.
Inspiring
January 6, 2010

You'd probably not want to secure it right from CF, but secure the connection between the JDBC driver and the DB.  Google "secure jdbc" and see what you turn up.

Or you could run you JDBC connection via a secure VPN connection, or something like that?  Or I guess use IPSec?

Sorry to not have specific answers, but I have to concede I've never had to do this.  But it's not really something that's best solved @ CF level anyhow, I think.

--

Adam

D
Dan_Bracuk
Inspiring
January 6, 2010

ColdFusion has encrypt and decrypt functions.  If you choose this route, you will be storing encrypted data which may or may not meet your requirements.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices