|
From: John H. <jh...@im...> - 2013-04-20 00:56:56
|
On Wed, 17 Apr 2013, Gonyer, Lisa wrote: > I have been a fan of SQuirreL for almost 8 years. However, in the > process of upgrading my laptop, I was informed by our IT team that they > can no longer install SQuirreL because they were informed it > communicates in clear text. Can someone please direct me to > documentation (and where within) it states that communications is > encrypted or otherwise secure OR communication is in clear text? I > would like to debunk the clear text argument so I can continue to use > this client. That depends almost entirely on the JDBC drivers that it uses to communicate with the database server. Which database server platform are you talking to? Check the vendor's page and see what they have to say (if anything) about encryption of network traffic in their JDBC client. If they say communication is in cleartext, there's nothing Squirrel can do about it, but then *any* Java database app talking to that database would have the same problem. If they say communication is encrypted, then it's encrypted. If they say encryption is optional and the client may choose to disable it, and encryption is controlled via the JDBC connect string, then it's under your control - use the right connect string! That's not specific to Squirrel. If they say encryption is optional and the client may choose to disable it, and it's controlled by standard JDBC API options (assuming there are such), then I'd expect to see an option somewhere in the Squirrel UI to enable or disable encryption. Is there an option like that? I haven't looked... This is the only case in which what Squirrel does, matters. That said, most insecure network protocols can be made secure using a package called stunnel, but that's a network-geekish solution that (ideally) requires access to install stunnel on the database server, and your IT team may balk at that solution. :) -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jh...@im... FALaholic #11174 pgpk -a jh...@im... key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- Our government should bear in mind the fact that the American Revolution was touched off by the then-current government attempting to confiscate firearms from the people. ----------------------------------------------------------------------- Today: the 238th anniversary of The Shot Heard 'Round The World |
