Do you encrypt connections?

Discussion of open issues, suggestions and bugs regarding ADO.NET provider for PostgreSQL
drysg
Posts: 28
Joined: Fri 09 Mar 2012 15:10

Do you encrypt connections?

Post by drysg » Thu 29 Aug 2013 16:42

We are getting an error with Linq about the connection using the wrong form of encryption. I did not ask for encrypted connections, so I don't know where this is occurring.

What I have found out is that many .NET users use:

SHA256Managed

and the federal government requires that if you do encrypt the Connections, that you use:


SHA256CryptoServiceProvider


Here is how I create the connection to the database:

        private void makeConnectionString()
        {
            Devart.Common.DbConnectionStringBuilder csb = new Devart.Common.DbConnectionStringBuilder();
            ViewModel vm = ViewModel.myself;
            csb["Host"] = vm.HostName;
            csb["Port"] = vm.PortNumber;
            csb["User Id"] = vm.UserID;
            csb["Password"] = vm.Password;
            csb["Database"] = vm.DataBaseName;
            csb["Max Pool Size"] = 150;
            csb["Connection Timeout"] = 30;
            csb["Default Command Timeout"] = 600;       // ten minutes for one search request
            this.connString = csb.ConnectionString;
        }

drysg
Posts: 28
Joined: Fri 09 Mar 2012 15:10

Re: Do you encrypt connections?

Post by drysg » Thu 29 Aug 2013 17:07

I found that some machines that we deploy to have this setting enabled:

[Start]-->[Administrative Tools]-->[Local Security Policy]-->[Local Policies]-->[Security Options]-->[System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing]

When that is enabled the connection fails. Since we cannot tell the customer to turn off FIPS compliance, what should we do for such customers (how to change the connection?).

Shalex
Site Admin
Posts: 9543
Joined: Thu 14 Aug 2008 12:44

Re: Do you encrypt connections?

Post by Shalex » Fri 30 Aug 2013 13:19

Thank you for your report. We are investigating the compatibility of dotConnect for PostgreSQL with FIPS.

drysg
Posts: 28
Joined: Fri 09 Mar 2012 15:10

Re: Do you encrypt connections?

Post by drysg » Fri 30 Aug 2013 14:20

I see someone else asked for something similar in a forum:
http://forums.devart.com/viewtopic.php?t=18262


If it helps, I have been told that if you use: SHA256CryptoServiceProvider Class

http://msdn.microsoft.com/en-us/library ... vider.aspx

Then FIPS will work. I have not tested this myself, but it might be a useful option, since we deal with Federal and other government services, and they are locking up their machines with FIPS and other things more and more. So it might be a market you don't want to lose.
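
The behaviour discussed in the posts above, as an added example (not code from this thread and not dotConnect's own code): a small console program that shows `SHA256Managed` being rejected when the Windows FIPS policy is enforced, and a factory that falls back to `SHA256CryptoServiceProvider`. It assumes a .NET Framework version on Windows in which the managed hash classes are blocked under that policy; the class name `FipsAwareHash` and the sample input are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: picks a SHA-256 implementation the local policy allows.
static class FipsAwareHash
{
    public static SHA256 Create()
    {
        // True when "System cryptography: Use FIPS compliant algorithms
        // for encryption, hashing, and signing" is enabled on this machine.
        if (CryptoConfig.AllowOnlyFipsAlgorithms)
        {
            // Backed by the Windows cryptographic service provider.
            return new SHA256CryptoServiceProvider();
        }
        return new SHA256Managed();
    }

    static void Main()
    {
        Console.WriteLine("FIPS policy enforced: " + CryptoConfig.AllowOnlyFipsAlgorithms);

        // Constructed sample input.
        byte[] data = Encoding.UTF8.GetBytes("constructed sample input");

        try
        {
            // With the policy enabled, the constructor itself throws.
            using (SHA256 managed = new SHA256Managed())
            {
                Console.WriteLine("SHA256Managed: " +
                    BitConverter.ToString(managed.ComputeHash(data)));
            }
        }
        catch (InvalidOperationException ex)
        {
            Console.WriteLine("SHA256Managed rejected: " + ex.Message);
        }

        // Works with the policy on or off; the digest is the same either way.
        using (SHA256 hash = Create())
        {
            Console.WriteLine(hash.GetType().Name + ": " +
                BitConverter.ToString(hash.ComputeHash(data)));
        }
    }
}
```

Running it once with the policy disabled and once with it enabled shows which code path a deployment will hit before the application reaches a customer machine.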

Shalex
Site Admin
Posts: 9543
Joined: Thu 14 Aug 2008 12:44

Re: Do you encrypt connections?

Post by Shalex » Fri 18 Oct 2013 10:42

We have fixed the problem in the new (7.0) version of dotConnect for PostgreSQL.

drysg
Posts: 28
Joined: Fri 09 Mar 2012 15:10

Re: Do you encrypt connections?

Post by drysg » Fri 18 Oct 2013 16:22

Tested it, and it is working great.

Thank you so much for this. We are shipping the new version of our system today, and I was able to squeeze this into this release!

:D :D :D :D :D :D :D :D :D :D :D :D
