SQL over HTTP security
protecting your SQL databases
Security has been taken into account starting with the design stage: server-side configuration lets admins specify strong authentication and security rules in order to ensure SQL database security.
Three-Tier Architecture to Protect your SQL Databases
Your SQL database will never be exposed directly to the Internet, because AceQL HTTP uses a three-tier architecture. All SQL client calls are analyzed and filtered by a configurable Servlet, the AceQL HTTP Manager. Only this Servlet can access the SQL database directly. Access to the database is granted only if the client call matches the rules defined in the Servlet.
Strong Client Authentication for Access to the SQL databases
Security Manager - Configuring SQL Firewall Rules in Java
You can configure your SQL firewall rules in Java to reinforce the protection of your databases. These rules:
- Allow filtering SQL request types, tables, Prepared Statement parameters and client usernames.
- Enable fine granularity analysis of SQL calls before allowing effective server side execution.
- Allow running code if a SQL call is discarded (example: allow immediately discarding and revoking a client username or IP address when an unauthorized SQL call is detected.)
The simplicity of use is combined with great flexibility:
- Built-in SqlFirewallManager instances may be added without any programming for DCL control, DDL control, write data control, metadata queries control. Just chain them to define the default policy.
- Advanced specific rules can be easily added without any programming.
- The plug-in of any existing SQL database firewall on the market is straightforward and requires only a few lines of Java code.
SQL Data Transport Security - SSL/TLS Support
All HTTP communications between the client side and the server can be encrypted with SSL/TLS.