In Database Security Server 4.8.2 and earlier, the web console allows connections via both HTTP and HTTPS.
From version 4.8.3 and later, under new installation scenarios, HTTP was removed in favor of a more secure HTTPS only solution.
NOTE: For existing Database Security Server installations, the existing configuration remains intact when upgrading to 4.8.3 or later.
A user can enable or disable HTTP communication by modifying the “connector” entries in the
conf/server.xml. It’s recommended to disable the HTTP connector for security reasons.
To disable HTTP communication:
- Stop the Database Security Server service.
- Back up the <DatabaseSecurityInstallDir>\conf\server.xml file by copying the file to a safe directory and open the file at <DatabaseSecurityInstallDir>\conf\server.xml.
- Locate the "connector" XML element. There can be more than one element. The HTTP "connector" can be identified as not having a "scheme" attribute.
- The "connector" which has the attribute "scheme="https"" is the secure connector and needs to be retained. Below is an example of an HTTP connector to be disabled:
<Connector port="8080" server="Database Security WebServer"
maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"
maxPostSize="16777216"/>
- Comment out or remove the HTTP connector to disable HTTP communication.
- Save the file.
- Start the Database Security Server service.
NOTE: The
server.xml configuration file for the Database Security Server is in XML format. Commenting and uncommenting a body of text in this file needs to strictly adhere to XML comment tag syntax.
To enable HTTP communication:
- Stop the Database Security Server service.
- Back up the <DatabaseSecurityInstallDir>\conf\server.xml file by copying the file to a safe directory and open the file at <DatabaseSecurityInstallDir>\conf\server.xml.
- Locate the "connector" XML element. There can be more than one element. The HTTP "connector" can be identified as not having a "scheme" attribute.
- The "connector" which has the attribute "scheme="https"" is the secure connector and needs to be retained. Below is an example of an HTTP connector to be enabled:
<!-- http connector has been deprecated.
<Connector port="8080" server="Database Security WebServer"
maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"
maxPostSize="16777216"/>
- Add the HTTP connector to enable HTTP communication.
- Save the file.
- Start the Database Security Server service.