Ventura SQL incorporates mature and effective security features.

Encrypted connections

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.


To enable HTTPS a SSL certificate needs to be installed on the web server.


The HTTPS protocol needs to be specified in the URL of the HttpConnector.


VenturaConfig.DefaultConnector = new HttpConnector("Default", "https://venturatools.com:51437/Ventura.FSPRO");


Unless you are only transporting data over a local intranet, you should always use an encrypted HTTPS connection.

Authentication

Authentication is the process that ensures and confirms a user's identity.


On the client the Username and Password properties of the HttpConnector can be set. With HTTPS is enabled, this data is transmitted to the server over an encrypted connection.


The server receives the username and password in the Custom Request Handler. In the custom request it can also be verified that HTTPS protocol is enabled.

SQL injection impossible

When a client recordset is generated with direct ADO.NET connection support enabled, then you can find SQL script in the source code.


This SQL script is exclusively there for direct ADO.NET connections. This SQL script is NOT used by the server. When the recordset connects to a web server middle-tier, the server will use the SQL statement that is already present on the server instead.


See topic Client and server recordsets

Data Sentry

The Data Sentry functionality runs on the web server. With the Data Sentry you can inspect database data modifications right before the INSERT, UPDATE or DELETE statement is executed. When an illegal operation is detected it can be aborted by simply throwing an Exception.


The Data Sentry automatically detects tampering attempts:

  • Missing primary key values;
  • Attempts to update a column that is not supposed to be updated.