src/practical_settings/DBs.tex

   1
   2 %%\subsection{Database Systems}
   3 % This list is based on : http://en.wikipedia.org/wiki/Relational_database_management_system#Market_share
   4
   5 \subsubsection{Oracle}
   6 \todo{write this}
   7
   8 \subsubsection{SQL Server}
   9 \todo{write this}
  10
  11
  12
  13
  14 \subsubsection{MySQL}
  15
  16 \begin{description}
  17 \item[Tested with Version:] Debian 7.0 and MySQL 5.5
  18
  19 \item[Settings:] \mbox{}
  20
  21 \paragraph*{my.cnf}\mbox{}\\
  22
  23 \begin{lstlisting}[breaklines]
  24 [mysqld]
  25 ssl
  26 ssl-ca=/etc/mysql/ssl/ca-cert.pem
  27 ssl-cert=/etc/mysql/ssl/client-cert.pem
  28 ssl-key=/etc/mysql/ssl/client-key.pem
  29 ssl-cipher=EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EDH+CAMELLIA256:EECDH:EDH+aRSA:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!AES128:!CAMELLIA128:!ECDSA:AES256-SHA
  30 \end{lstlisting}
  31
  32 \item[Additional settings:]
  33
  34
  35 \item[Justification for special settings (if needed):]
  36
  37 % in case you have the need for further justifications why you chose this and that setting or if the settings do not fit into the standard Variant A or Variant B schema, please document this here
  38
  39 \item[References:]
  40
  41 \todo{add references}
  42
  43 % add any further references or best practice documents here
  44
  45 \item[How to test:]
  46
  47 After restarting the server run the following query to see if the ssl settings are correct:
  48 \begin{lstlisting}[breaklines]
  49 show variables like '%ssl%';
  50 \end{lstlisting}
  51
  52
  53 \end{description}
  54
  55
  56
  57
  58
  59
  60 \subsubsection{DB2}
  61 \todo{write this}
  62
  63
  64
  65
  66
  67 \subsubsection{Postgresql}
  68
  69 \begin{description}
  70 \item[Tested with Version:] Debian 7.0 and PostgreSQL 9.1
  71
  72 \item[References:]
  73
  74 It's recommended to read
  75
  76 {\small \url{http://www.postgresql.org/docs/X.X/interactive/runtime-config-connection.html\#RUNTIME-CONFIG-CONNECTION-SECURITY}}
  77 (please change X.X with your preferred version e.g. 9.1).
  78
  79 \item[Settings:] \mbox{}
  80
  81
  82 To start in SSL mode the server.crt and server.key must exist in the server's data directory \$PGDATA.
  83
  84 Starting with version 9.2, you have the possibility to set the path.
  85
  86 \begin{lstlisting}[breaklines]
  87 ssl_key_file = '/your/path/server.key'
  88 ssl_cert_file = '/your/path/server.crt'
  89 ssl_ca_file = '/your/path/root.crt'
  90 \end{lstlisting}
  91
  92 \paragraph*{postgresql.conf}\mbox{}\\
  93
  94 \begin{lstlisting}[breaklines]
  95 #>=8.3
  96 ssl = on
  97 ssl_ciphers = 'EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EDH+CAMELLIA256:EECDH:EDH+aRSA:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!AES128:!CAMELLIA128:!ECDSA:AES256-SHA'
  98 \end{lstlisting}
  99
 100
 101
 102 \item[How to test:]
 103 To test your ssl settings, run psql with the sslmode parameter:
 104 \begin{lstlisting}[breaklines]
 105 psql "sslmode=require host=postgres-server dbname=database" your-username
 106 \end{lstlisting}
 107
 108 \end{description}
 109
 110
 111
 112
 113 \subsubsection{Informix}
 114 \todo{write this}