Download Trial

How to Buy

Products

Solutions

Support

Developers

Partners

Company

Database Connectivity

Mainframe Integration

Connect for ADO.NET

Custom Driver Development Kit

Shadow z/Presentation

Data Integration Suite

DataDirect XQuery

DataDirect XML Converters

Stylus Studio

For Corporations

For Independent Software Vendors

For Relational Databases

For Custom Driver Development

DataDirect OpenAccess SDK

Custom Driver Development Kit

XQuery

XML Converters

Mainframe Integration

Partners Home

OEM Program

OEM Log-In

Channel Partner Program

Channel Partner Directory

Channel Partner Log-In

Products : Security : SSL Encryption

Security

SSL Encryption

Kerberos

Secure Architecture

SSL Encryption

For ISVs, Architects, Developers, and Project Managers…

DataDirect Technologies understands that secure data exchange is critical to business systems that must maintain information security. As the data connectivity experts, we incorporate industry-standard security features into all of our DataDirect Connect line of high-performance data access middleware, including SSL encryption. And it’s why we hired Internet Security Advisors Group (ISAG) to conduct an independent audit of the security features in DataDirect Connect.

Ira Winkler, founder of ISAG and well-known security expert, wrote the report, which documents his assessment and establishes the need for security features as an integral part of database drivers and providers. The report also provides important information if you’re looking to implement Single Sign-on (SSO) or data encryption.

Read the security report now, or call us at 1-800-876-3101 to speak with an expert about your data connectivity needs. You can also submit a Request for Information form and an account executive will contact you.

Scroll down this page to get more details about SSL encryption in DataDirect Connect products.

A leading industry-standard mechanism for establishing secure data transport, Secure Socket Layer (SSL) encryption secures the integrity of your data by encrypting information and providing client/server authentication.

SSL uses Public Key Interchange (PKI) to provide authentication between parties, where one or both parties can actually be services running on a computer. Each party has a two-part key: one part is a public key distributed directly or via a database such as LDAP. The other part is randomly generated and always kept private, and is never used by anyone or sent across the network. Organizations using DataDirect Connect middleware can use SSL to encrypt data transmitted between a database server and an application.

With DataDirect Connect, you can choose to have your applications automatically encrypt any data exchanged between those applications and their supporting databases. Doing so can provide the following benefits:

Development
Challenge	Risk	Feature Benefit
Ease of Development	Reliance on non-standard encryption mechanisms complicates development and impedes later changes.	As an industry standard, SSL encryption relies on established development libraries available on all commonly used IT architectures. It simplifies your implementation processes, minimizes development complexity, and reduces the long-term risks of non-adaptability.
Network Security
Challenge	Risk	Feature Benefit
Router Vulnerabilities	Data packets travel between drivers and databases via one or more routers, which may be configured to “read” data packets passing through them, allowing a user to log and exploit the information.	Enabling SSL encryption ensures that any data exchanged between a driver and database is encrypted. This in turn ensures that — even if intercepted — captured data will be unreadable and impossible to modify in any intelligible manner.
Packet Sniffing	Sophisticated freeware can be used to log data packets passing over a network, putting transmitted data at risk of being captured and logged.
SQL Injection	Where data packets have been captured by a hacker, SQL statements they contain can be modified to return more information than intended from a data source — for instance, to return from an HR database information about all employees instead of just one.
Database Access Security
Challenge	Risk	Feature Benefit
Credential Vulnerability	Packet sniffing commonly targets database access credentials — i.e., usernames and passwords used to access a database. Credentials transmitted in clear text or via weak encryption leave themselves vulnerable to being captured and used maliciously.	Using SSL encryption ensures that any database credentials sent by a driver to a database will be encrypted and thus useless to unauthorized users. Better yet, Kerberos can be used to entirely eliminate the transmission of credentials.

To learn more:

The Internet Security Advisors Group (ISAG), an international information security firm specializing in security assessment, conducted a review of the architecture and functionality of the DataDirect Connect products. Read their report to get a deeper understanding of the technologies involved and DataDirect’s implementation of them.

Heard enough? Ready to try our products? Visit the download page for a free 15-day trial.

If you’d prefer to speak with an expert about your data connectivity needs, call 1-800-876-3101 or submit a Request for Information form and an account executive will contact you.

RSS

Blog

Multimedia