With the default settings, db4o client-server communication is not encrypted, so anyone who can observe the network traffic can read it. db4o supports SSL for client-server communication. The implementation uses the pluggable socket to provide secure sockets.
The SSL communication uses the .NET security libraries to implement the secure channel. Currently only one-way authentication is supported, where the server needs to have a valid certificate. Client certificates are currently not supported.
On the server you need to add the server SSL support to the configuration. Additionally, you need to specify the server certificate. Because you pass the certificate object yourself, you can choose where the server certificate comes from. Take a look at the .NET documentation for more details.
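
    using System.Security.Cryptography.X509Certificates;

    IServerConfiguration configuration = Db4oClientServer.NewServerConfiguration();
    // For the server you need a certificate. For example, using a certificate from a file.
    // Note: the server side of an SSL handshake needs the certificate's private key to be available.
    X509Certificate2 certificate = new X509Certificate2("cert.cer");
    configuration.AddConfigurationItem(new ServerSslSupport(certificate));

    Imports System.Security.Cryptography.X509Certificates

    Dim configuration As IServerConfiguration = Db4oClientServer.NewServerConfiguration()
    ' For the server you need a certificate. For example, using a certificate from a file.
    ' Note: the server side of an SSL handshake needs the certificate's private key to be available.
    Dim certificate As New X509Certificate2("cert.cer")
    configuration.AddConfigurationItem(New ServerSslSupport(certificate))
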
On the client you need to add the client SSL support to the configuration. It takes a callback for additional certificate verification.

    IClientConfiguration configuration = Db4oClientServer.NewClientConfiguration();
    configuration.AddConfigurationItem(new ClientSslSupport(CheckCertificate));

    Dim configuration As IClientConfiguration = Db4oClientServer.NewClientConfiguration()
    configuration.AddConfigurationItem(New ClientSslSupport(AddressOf CheckCertificate))


    private static bool CheckCertificate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors sslpolicyerrors)
    {
        // Placeholder: check the server's certificate here and accept it only if it is OK.
        // Returning true unconditionally, as this stub does, accepts any certificate.
        return true;
    }

    Private Shared Function CheckCertificate(ByVal sender As Object, ByVal certificate As X509Certificate, _
            ByVal chain As X509Chain, ByVal sslpolicyerrors As SslPolicyErrors) As Boolean
        ' Placeholder: check the server's certificate here and accept it only if it is OK.
        ' Returning True unconditionally, as this stub does, accepts any certificate.
        Return True
    End Function
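
One way to fill in the verification callback, as an added example that is not part of the db4o documentation: it accepts a certificate the platform validated, tolerates chain errors only for a pinned (for example self-signed) server certificate, and rejects everything else. The class name `ServerCertificateCheck` and the constant `PinnedThumbprint` are hypothetical, and the thumbprint value is a placeholder.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class ServerCertificateCheck
{
    // Assumption: placeholder value. Replace it with the SHA-1 thumbprint
    // (40 hex characters, no spaces) of your own server certificate.
    private const string PinnedThumbprint = "0000000000000000000000000000000000000000";

    // Same signature as the CheckCertificate callback passed to ClientSslSupport.
    public static bool CheckCertificate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // No certificate presented: never accept.
        if (certificate == null)
        {
            return false;
        }

        // The platform validated the chain and the host name: accept.
        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            return true;
        }

        // Chain errors alone are expected for a self-signed or privately issued
        // certificate. Accept them only when the presented certificate is
        // exactly the one that was pinned.
        if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors)
        {
            var presented = new X509Certificate2(certificate);
            return string.Equals(presented.Thumbprint, PinnedThumbprint,
                StringComparison.OrdinalIgnoreCase);
        }

        // Name mismatch, missing certificate or any combination of errors: reject.
        return false;
    }
}

// Registration on the client, using the call shown above:
// configuration.AddConfigurationItem(new ClientSslSupport(ServerCertificateCheck.CheckCertificate));
```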