We recently had a question posted on another blog article that I felt the answer desired a post of its own.
The question was “Hi Pete, what about a step-by-step guide to setup connections over https? Is it safe nowadays to connect a remote HFSQL / SCM server just on http? Also seems there is no way to setup an https connection on desktop HFSQL Control Center, or is it any way?”
The answer is….
First of all, unless you are using the web-based admin, you really aren’t using HTTP to connect to the database, you are using a native TCPIP connection over Port 4900.
You can further encrypt that connection but that isn’t quite the same thing as HTTPS. When you define a user’s rights to the database, you can define it to only allow the connection with encryption, it’s listed on the user’s rights, for a database (you have to set it for each user/database combination)
When you establish a connection to the database, there is a ..CryptMethod property that you have to set to the type of encryption you want to use.
So other than changing a setting in the user permissions, and changing a property in your applications connection variable there isn’t anything you have to configure on the server. Based on my testing, the HF control center must automatically use encryption because I see no setting for it, and my test user was able to connect using HF Control Center. However in my application, if I didn’t include the ..CryptMethod the user was unable to connect and got an error saying
Once I added the ..CryptMethod property likes below, the application was again able to connect.
DBConnection..CryptMethod = hCryptRC5_16
BTW, you can also encrypt the database itself, but that is another topic.