Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0041638
TypeCategorySeverityReproducibilityDate SubmittedLast Update
design defect[Openbravo ERP] A. Platformmajorhave not tried2019-08-13 09:302019-08-13 09:31
ReportershuehnerView Statuspublic 
Assigned Toplatform 
PrioritynormalResolutionopenFixed in Version
StatusnewFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0041638: Not possible to configure jdbc connection to Postgres using SSL in a usable way

DescriptionIn some scenarios it is wanted to use SSL encryption between the application and the database which is a feature supported by jdbc.

Currently openbravo does not allow to configure this in any usable way and relies on workarounds getting it to work only partially.

To configure it using postgres database it is requried to add ssl=true connection parameter when creating the database connection.

Openbravo currently constructs a jdbc URL String to connect to the database. In that URL connection properties come at the end of the String.

Currently people use the fact and in most connections the bbdd.sid line from Openbravo.properties (database name) is the last value used to build said URL and just change it from i.e.

bbdd.sid=openbravo
to
bbdd.sid=openbravo?ssl=true

While that makes typical things work with SSL it immediately causes some regressions and other code assuming (correctly) that bbdd.sid is the database name now needs to strip out that extra values (i.e. openbravo-backup scripts where patched to do that).

Other side-effects:
- install.source has code not using above database name as it needs to create the database initially. Meaning that code will not use SSL and when ssl is required on db side cause issues like 41296.
- Other code may connect to jdbc differently than assumed above and again miss to use SSL i.e. 41314.
Steps To ReproduceSetup postgres database with SSL connection and configure pg_hba.conf to use 'hostssl' effectively requiring SSL to be used.
Proposed SolutionAdd a new Openbravo.properties line i.e. bbdd.params to define any jdbc connection parameter (like ssl).

Find & fix every code creating a database connection to properly use that new parameter.
At least:
- pi code running Openbravo itself (in tomcat)
- every build.xml target working with the database

Ideally also:
- automation/pi
- automation/pi-mobile
- scripts used in CI

The last 3 are important if we ever want to add automated tests for this scenario (ssl required on jdbc level)
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
blocks defect 0041296 newplatform [19Q3] install source not working if the DB is in a different machine and SSL connection is required 
blocks defect 0041314 newplatform [19Q3] [HA] Error while trying to update a HA context via the Module Console 

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2019-08-13 09:30 shuehner New Issue
2019-08-13 09:30 shuehner Assigned To => platform
2019-08-13 09:30 shuehner Modules => Core
2019-08-13 09:30 shuehner Triggers an Emergency Pack => No
2019-08-13 09:30 shuehner Relationship added blocks 0041296
2019-08-13 09:31 shuehner Relationship added blocks 0041314


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker