Secure Socket Layer (SSL)
Secure Socket Layer (SSL) is a protocol for providing secure transactions between servers and clients. It uses a certificate to identify one or both ends of the transaction. It can be useful for database communications to protect any authentication information, such as usernames and passwords, as well as the actual data itself.
Some databases support SSL and some do not. To know if your database supports SSL, you need to study the documentation for your database and work with the administrator of the database. If your database can be configured to use SSL with JDBC, it should be possible to configure DatabaseLink
to communicate with the database using SSL.
One database that does support SSL is MySQL, and it is possible for DatabaseLink
to communicate with a MySQL database using SSL. You will need to configure the database to provide SSL communications and generate a certificate. To do this you will need to work with the administrator of your database.
There are typically four stages to setting up SSL to work with a MySQL database.
Get a certificate of authority.
Generate a truststore file.
Configure Java to use the truststore.
Configure the connection to use SSL.
The administrator of the server should be able to provide the certificate of authority, suppose this is called CA.cer
You need to generate the truststore file. This can be done with the keytool
executable that is part of a Java Runtime Environment (JRE). You can use the version included in the JRE that ships with Mathematica
. To generate the truststore file, you would need to execute the following in some type of shell (e.g. a command prompt on Windows).
keytool -import -file CA.cer -keystore truststore
This will generate the file truststore
The next stage is to modify your Java command line for J/Link
to refer to the truststore
file. This can be done by adding the following settings, in which you need to give the full pathname to the truststore
file that was generated.
If you are running Mathematica
inside a web server, such as webMathematica
, you will need to add these settings to the server that launches Java by following your server documentation. If you are running Mathematica
in a stand-alone fashion, you can add the settings to the options of Java by executing the following before you load DatabaseLink
SetOptions[InstallJava, JVMArguments ->"-Djavax.net.ssl.trustStore=c:\java-examples\truststore -Djavax.net.ssl.trustStorePassword=keystore"]
Finally, you need to modify the URL that connects to the database. This can be done by placing an extra parameter with a '?', as shown in the following.
OpenSQLConnection[ JDBC[ "com.mysql.jdbc.Driver",
"databases:1234/conn_test?useSSL=true"], "Username" -> "test"]
It should be noted that not all databases support SSL and that databases other than MySQL that do support SSL may need to be configured in a different way to work with DatabaseLink