You are here: Client-Server > Using SSL For Client-Server Communication

Using SSL For Client-Server Communication

With the default settings db4o client-server communication is not encrypted and thus can potentially be a dangerous security hole. db4o supports SSL for client server communication. The implementation uses the pluggable socket to provide secure sockets.

The SSL-communication uses the standard Java Secure Socket Extensions, which are part of the normal JRE. You take a look a to full documentation here.

You simply need to add the SSLSupport on the server and the clients and you done. The default-implementation uses the default SSLContext for the client and the server.

ServerConfiguration configuration = Db4oClientServer.newServerConfiguration();
configuration.common().add(new SSLSupport());
SSLExample.java: Add SSL-support to the server
ClientConfiguration configuration = Db4oClientServer.newClientConfiguration();
configuration.common().add(new SSLSupport());
SSLExample.java: Add SSL-support to the client

Of course you also can build your own SSLContext with the Java API. After you've build the SSL-Context, you can pass it to the SSLSupport-constructor. Read in the Java documentation how to build a proper SSLContext:

// You can build your own SSLContext and use all features of Java's SSL-support.
// To keep this example small, we just use the default-context instead of building one.
SSLContext context = SSLContext.getDefault();


ServerConfiguration configuration = Db4oClientServer.newServerConfiguration();
configuration.common().add(new SSLSupport(context));
SSLExample.java: You can build up a regular SSL-Context and us it