Table of Contents

Search

  1. Preface
  2. Introduction to Dynamic Data Masking Administration
  3. Authentication
  4. Security
  5. Connection Management
  6. JDBC Client Configuration
  7. ODBC Client Configuration
  8. Access Control
  9. Logs
  10. High Availability
  11. Server Control
  12. Performance Tuning
  13. Troubleshooting
  14. Appendix A: Database Keywords

Administrator Guide

Administrator Guide

SSL Communication in Dynamic Data Masking

SSL Communication in Dynamic Data Masking

Dynamic Data Masking supports SSL communication between the Dynamic Data Masking Server and multiple database instances, types, and clients, such as the Management Console and Server Control. The Dynamic Data Masking Server can load multiple existing keystores and truststores, which in most cases you can copy from the database or database client to the Dynamic Data Masking installation without any modification.
When you enable SSL communication, you configure the
cfg/ddm.security
file for keystores and truststores used by the Dynamic Data Masking Server. You also configure the
cfg/client.security
file for truststores used by clients such as the Management Console and Server Control. Configuration parameters for the
cfg/client.security
and
cfg/ddm.security
files are the same.
You also use the
cfg/ddm.security
file to configure key strategies and trust strategies. Key strategies are required when Dynamic Data Masking uses multiple signed certificates to perform the handshake with database clients. Trust strategies tell Dynamic Data Masking how to handle a certificate that does not exist in the Dynamic Data Masking truststore and is therefore rejected by the trust manager.
Dynamic Data Masking supports various security protocol and cipher suites. You can define global settings for security protocols and cipher suites, or you can configure protocols and ciphers that map to a specific Dynamic Data Masking host and port.
You can enable SSL communication for Oracle, IBM DB2, and Microsoft SQL Server target databases.

0 COMMENTS

We’d like to hear from you!