Details
Type: Task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.1.2
Fix Version/s: 1.1.3
Component/s: None
Description
Currently the MariaDB Java Client JDBC driver has two validation modes for server certificates:
1) Validate against the default JVM key store. This is the default option.
2) Accept all remote certificates without validation. This is done by setting the "trustServerCertificate" property to a non-null value.
When using self-signed certificates for the server, neither of these is acceptable. Option #1 will not validate, as the certificate is not signed by a trusted certificate authority. Option #2 is inherently insecure and is susceptible to a man-in-the-middle attack.
The JDBC driver should allow users to validate the server against a predefined server certificate.
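The requested mode, trusting exactly one predefined server certificate, can be built from standard JSSE classes. The following is an added example and not the driver's own code; the class name, the key store alias and the certificate path passed on the command line are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class: builds a TLS context pinned to one certificate.
public class PinnedServerCert {

    // Returns an SSLContext whose only trust anchor is the supplied
    // certificate (PEM or DER). The JVM default trust store is not consulted.
    static SSLContext contextTrustingOnly(InputStream certStream) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) cf.generateCertificate(certStream);
        cert.checkValidity(); // fail early if expired or not yet valid

        // Empty in-memory key store holding just the pinned certificate.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("pinned-server", cert); // alias is arbitrary

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        // No client key managers; default SecureRandom.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the server's self-signed certificate (assumption).
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            SSLContext ctx = contextTrustingOnly(in);
            System.out.println("Pinned TLS context ready: " + ctx.getProtocol());
        }
    }
}
```

Sockets created from this context complete the handshake only when the server's chain ends at the pinned certificate; any other certificate, including one signed by a public CA, fails with an `SSLHandshakeException`. Host name checking is a separate step and has to be enabled on the socket's `SSLParameters`.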