Informix

 View Only
  • 1.  SSL connection to IDS

    Posted Wed March 01, 2023 02:32 AM

    Hello,

    I see that there are two protocols for SSL connection

    https://www.ibm.com/docs/en/informix-servers/12.10?topic=protocol-configuring-server-instance-secure-sockets-layer-connections

    I suppose that "drsocssl protocol for DRDA connections" is for HDR,RSS,…

    Are there any easily readable things between primary, HDR, RSS servers?

    Is it really necessary to make an SSL connection between those servers ?

     

    Thanks



    ------------------------------
    Samuel To
    ------------------------------


  • 2.  RE: SSL connection to IDS

    IBM Champion
    Posted Wed March 01, 2023 06:41 AM

    The drsocssl connection type is NOT for HDR/RSS/SDS communication, it is for DRDA connections from DB2 development stack clients. Use the onsocssl connection types for HDR/RSS/SDS and native Informix clients.

    The traffic between the primary and secondary servers contains your data which may or may not be sensitive data. Yes it is in binary, but it is completely readable. The traffic is mostly logical log records and there have been at least two applications written, besides onlog, that can read and display logical log data, so not hard at all. That is why one would encrypt the connections between the primary and secondary. You should also use a dedicated connection marked with the s=6 option to prevent any clients from connecting to that port.

    Art



    ------------------------------
    Art S. Kagel, President and Principal Consultant
    ASK Database Management Corp.
    www.askdbmgt.com
    ------------------------------



  • 3.  RE: SSL connection to IDS

    Posted Wed March 01, 2023 07:06 AM

    Hello,

    That is why one would encrypt the connections between the primary and secondary.

    With SSL like this ?

    https://www.ibm.com/docs/en/informix-servers/12.10?topic=protocol-configuring-server-instance-secure-sockets-layer-connections



    ------------------------------
    Samuel To
    ------------------------------



  • 4.  RE: SSL connection to IDS

    IBM Champion
    Posted Wed March 01, 2023 04:59 PM

    Hi Art,

    Can you naked the 2 applications that can decode logs?


    Regards,

    David.



    ------------------------------
    David Williams
    ------------------------------



  • 5.  RE: SSL connection to IDS

    IBM Champion
    Posted Wed March 01, 2023 05:58 PM

    David:

    Paul Watson wrote one and another was a commercial product by one of the Informix old timers, but I've lost the link I had to his site.

    Art



    ------------------------------
    Art S. Kagel, President and Principal Consultant
    ASK Database Management Corp.
    www.askdbmgt.com
    ------------------------------



  • 6.  RE: SSL connection to IDS

    Posted Thu March 02, 2023 02:49 AM
    Here it is, Art:


    That's David Linthwaite, but not sure if he's still working.



    This e-mail (and any files or other attachments transmitted with it) is intended solely for the attention of the addressee(s). Unauthorised use, disclosure, storage, copying or distribution of any part of this e-mail is not permitted. If you are not the intended recipient please destroy the email, remove any copies from your system and inform the sender immediately by return. Oninit Consulting Ltd does not accept any liability or responsibility for any damage caused by any virus transmitted by this email or for changes made to this e-mail after it was sent. All communications to or from Oninit Consulting Ltd may be automatically logged, monitored and/or recorded in order to secure the effective operation of the system and for other lawful purposes. The views or opinions contained within this e-mail may not necessarily reflect those of Oninit Consulting Ltd.





  • 7.  RE: SSL connection to IDS

    IBM Champion
    Posted Thu March 02, 2023 06:46 AM

    YES!!!!  Thank you Doug! That was the one!

    Art



    ------------------------------
    Art S. Kagel, President and Principal Consultant
    ASK Database Management Corp.
    www.askdbmgt.com
    ------------------------------