With the default settings db4o client-server communication is not encrypted and thus can potentially be a dangerous security hole. db4o supports SSL for client server communication. The implementation uses the pluggable socket to provide secure sockets.
The SSL-communication uses the standard Java Secure Socket Extensions, which are part of the normal JRE. You take a look a to full documentation here.
You simply need to add the SSLSupport on the server and the clients and you done. The default-implementation uses the default SSLContext for the client and the server.
ServerConfiguration configuration = Db4oClientServer.newServerConfiguration();
configuration.common().add(new SSLSupport());
ClientConfiguration configuration = Db4oClientServer.newClientConfiguration();
configuration.common().add(new SSLSupport());
Of course you also can build your own SSLContext with the Java API. After you've build the SSL-Context, you can pass it to the SSLSupport-constructor. Read in the Java documentation how to build a proper SSLContext:
// You can build your own SSLContext and use all features of Java's SSL-support. // To keep this example small, we just use the default-context instead of building one. SSLContext context = SSLContext.getDefault(); ServerConfiguration configuration = Db4oClientServer.newServerConfiguration(); configuration.common().add(new SSLSupport(context));