Access your remote SQL databases from your Android, Swing or JavaFX application without compromising security
Three-Tier Architecture to Protect your Databases
Your database will never be exposed directly to the Internet, because AceQL uses a three-tier architecture. All JDBC calls from the client side are analyzed and filtered by a configurable Servlet, the AceQL Manager. Only this Servlet can access the database directly. Access to the database is granted only if the client call matches the rules defined in the Servlet.
Each client must be logged in with a username and password to gain access to an AceQL Session. The username and password are verified by the AceQL Manager, using your injected Java code to authenticate the username-password pair. Once the client is logged in, an authentication token is built using strong cryptography. The authentication token is then reused at each client call to verify that the request is legitimate. A default authentication token builder algorithm is provided, but you may define and code your own algorithm.
Configuring Security Rules in Java
You can configure your security rules in Java to reinforce the protection of your databases. These rules:
- Allow filtering IP, SQL request types, tables, PreparedStatement parameters and client usernames.
- Enable fine granularity analysis of JDBC calls before allowing effective server side execution.
- Allow defining whether the database catalog can be queried.
- Allow sending alerts when an unauthorized JDBC/SQL call is detected.
- Allow immediately discarding and revoking a client login or IP address when an unauthorized JDBC/SQL call is detected.
All HTTP communications between the client side and the server can be encrypted with SSL/TLS. An option enables forcing the use of an encrypted SSL/TLS Secure connection prior to sending login and password to the AceQL Manager.
Client Side Obfuscation
AceQL supports obfuscation of the code distributed on the client side.
We provide strong obfuscation with end-to-end SQL statement encryption using 256-bit AES.