You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[[ PostgreSQL SSL ]] Updated revOpenDatabase to handle the SSL connection options as key value pairs.
It was decided that key=value parameters were easier to use than one specific parameter per SSL option.
Now any number of additional paramters can be passed to revOpenDatabase (for PostgreSQL connections) each specifying an SSL option in the form option_name=option_value.
The docs note and dictionary entry have been updated accordingly.
get revOpenDatabase("mysql", "localhost", "dbName", myUsr, myPass, false, "/var/mysql.sock", 1, true)
41
41
42
42
Example:
43
-
get revOpenDatabase("postgresql", "192.168.1.100", "dbName", myUsr, myPass, "require")
43
+
get revOpenDatabase("postgresql", "192.168.1.100", "dbName", myUsr, myPass, "sslmode=require", "sslcompression=0")
44
44
45
45
Parameters:
46
46
host (string): A string specifying the IP address or domain name of the system hosting the database. For SQLite databases, the host should be the full path to the database file.
@@ -67,19 +67,21 @@ databaseType (enum): A string specifying the database type to use. One of the fo
67
67
- "valentina"
68
68
- "sqlite"
69
69
filename: (SQLite Only) A string specifying the path to the SQLite database.
70
-
sslmode: (PostgreSQL Only) A string specifying the SSL connection mode to use. There are 6 options:
71
-
- "disable": Only try a non-SSL connection.
72
-
- "allow": First try a non-SSL connection; if that fails, try an SSL connection.
73
-
- "prefer": First try an SSL connection; if that fails, try a non-SSL connection.
74
-
- "require": Only try an SSL connection. If a root CA file is present, verify the certificate in the same way as if verify-ca was specified.
75
-
- "verify-ca": Only try an SSL connection, and verify that the server certificate is issued by a trusted certificate authority (CA).
76
-
- "verify-full": Only try an SSL connection, verify that the server certificate is issued by a trusted CA and that the server host name matches that in the certificate.
77
-
If no SSL mode is specified, the default will be "prefer" is the security library can be loaded, "disable" otherwise.
78
-
sslcompression: (PostgreSQL Only) A string specifying the any SSL compression to use. If set to "1" (default), data sent over SSL connections will be compressed. If set to "0", compression will be disabled. This parameter is ignored if a connection without SSL is made. Compression uses CPU time, but can improve throughput if the network is the bottleneck. Disabling compression can improve response time and throughput if CPU performance is the limiting factor.
79
-
sslcert: (PostgreSQL Only) A string specifying the file name of the client SSL certificate, replacing the default ~/.postgresql/postgresql.crt. This parameter is ignored if an SSL connection is not made.
80
-
sslkey: (PostgreSQL Only) A string specifying the location for the secret key used for the client certificate. This parameter is ignored if an SSL connection is not made.
81
-
sslrootcert: (PostgreSQL Only) A string specifying the name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be verified to be signed by one of these authorities. The default is ~/.postgresql/root.crt.
82
-
sslcrl: (PostgreSQL Only) A string specifying the file name of the SSL certificate revocation list (CRL). Certificates listed in this file, if it exists, will be rejected while attempting to authenticate the server's certificate. The default is ~/.postgresql/root.crl.
70
+
sslOption (string): (PostgreSQL Only) A string of the form "key=value" specifying the SSL options to use when connecting. The key is the name of the option you want to set, the value is the value you want the option to take. Any number of key value pairs can be specified, each in a new parameter. The set of recognized SSL option and their expected values are as follows:
71
+
- **"sslmode"**: A string specifying the SSL connection mode to use. There are 6 options:
72
+
- "disable": Only try a non-SSL connection.
73
+
- "allow": First try a non-SSL connection; if that fails, try an SSL connection.
74
+
- "prefer": First try an SSL connection; if that fails, try a non-SSL connection.
75
+
- "require": Only try an SSL connection. If a root CA file is present, verify the certificate in the same way as if verify-ca was specified.
76
+
- "verify-ca": Only try an SSL connection, and verify that the server certificate is issued by a trusted certificate authority (CA).
77
+
- "verify-full": Only try an SSL connection, verify that the server certificate is issued by a trusted CA and that the server host name matches that in the certificate.
78
+
79
+
If no SSL mode is specified, the default will be "prefer" if the security library can be loaded, "disable" if not. If you use SSL connections in a standalone application, remember to select 'SSL Encryption' from among the available 'script libraries' in the standalone application settings panel.
80
+
- **"sslcompression"**: A string specifying the any SSL compression to use. If set to "1" (default), data sent over SSL connections will be compressed. If set to "0", compression will be disabled. This parameter is ignored if a connection without SSL is made. Compression uses CPU time, but can improve throughput if the network is the bottleneck. Disabling compression can improve response time and throughput if CPU performance is the limiting factor.
81
+
- **"sslcert"**: A string specifying the file name of the client SSL certificate, replacing the default ~/.postgresql/postgresql.crt. This parameter is ignored if an SSL connection is not made.
82
+
- **"sslkey"**: A string specifying the location for the secret key used for the client certificate. This parameter is ignored if an SSL connection is not made.
83
+
- **sslrootcert"**: A string specifying the name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be verified to be signed by one of these authorities. The default is ~/.postgresql/root.crt.
84
+
- **"sslcrl"**: A string specifying the file name of the SSL certificate revocation list (CRL). Certificates listed in this file, if it exists, will be rejected while attempting to authenticate the server's certificate. The default is ~/.postgresql/root.crl.
83
85
84
86
Returns:
85
87
The <revOpenDatabase> function returns a database ID which can be used to refer to the database in other Database library commands and functions. The database ID is always an integer.
@@ -92,7 +94,7 @@ Use the <revOpenDatabase> function to start working with a database.
92
94
93
95
>*Important:* The revOpenDatabase function is part of the Database library. To ensure that the function works in a standalone application, you must include this custom library when you create your standalone. In the Inclusions section of the General screen of the Standalone Application Settings window, make sure the Database Support checkbox is checked and the database drivers you are using are selected in the list of database drivers.
94
96
95
-
>*Important:* If you are using any of the MySQL or PostgreSQL SSL connection options, make sure to select 'SSL Encryption' from among the available 'script libraries' in the standalone application settings panel.
97
+
>*Important:* If you are using any of the MySQL or PostgreSQL SSL connection options in a standalone application, make sure to select 'SSL Encryption' from among the available 'script libraries' in the standalone application settings panel.
The PostgreSQL database driver has been updated to support secure connections. The desired SSL connection mode can be specified in the sixth parameter of revOpenDatabase.
3
+
The PostgreSQL database driver has been updated to support secure connections. The desired SSL connection options can be specified as key value pairs in the additional parameters of revOpenDatabase.
4
4
5
5
The syntax for connecting to PostgreSQL databases is now as follows:
0 commit comments