Secure replication?

[vtkougrr <vt...@gmail.com>]

I'm using embedded Derby in a secure environment (FIPS).  I would like to
enable replication to provide failover support, but I need to better
understand the security of the connections used during replication.  Can the
replication connection be encrypted?  And which/how many ports are used for
replication, is it just the port specified when defining the master/slave
configuration (port 4851 by default), or are others involved also?

Thanks!



--
View this message in context: http://apache-database.10148.n7.nabble.com/Secure-replication-tp143712.html
Sent from the Apache Derby Developers mailing list archive at Nabble.com.

Re: Secure replication?

[Rick Hillegas <ri...@gmail.com>]

On 1/29/15 8:12 AM, vtkougrr wrote:
> I'm using embedded Derby in a secure environment (FIPS).  I would like to
> enable replication to provide failover support, but I need to better
> understand the security of the connections used during replication.  Can the
> replication connection be encrypted?
I have not tried this. However, in theory, ordinary Java SSL/TLS 
encryption ought to work. You may need to boot both sides of the 
connection with the Derby "-ssl peerAuthentication" flag. For more 
information on protecting Derby network connections, see the section on 
"Configuring SSL/TLS" in the Derby Security Guide: 
http://db.apache.org/derby/docs/10.11/security/csecssl.html

Hope this helps,
-Rick
>    And which/how many ports are used for
> replication, is it just the port specified when defining the master/slave
> configuration (port 4851 by default), or are others involved also?
>
> Thanks!
>
>
>
> --
> View this message in context: http://apache-database.10148.n7.nabble.com/Secure-replication-tp143712.html
> Sent from the Apache Derby Developers mailing list archive at Nabble.com.
>