[4.0] [New feature] Add tls transfer encryption for database connections #26375
@alikon @andrepereiradasilva @twister65 Could you test this PR? |
thanks. Will test when possible. Just some early comments:
|
@andrepereiradasilva That's why I've added this information to the "..._DESCR" language strings. But you are right, the title could be changed. Will do that, especially because it seems to me that these "..._DESCR" language strings aren't used anywhere. Maybe @brianteeman could have a look at the language strings? |
Suggestion: It's just a matter of adding a spacer field after the
|
Co-Authored-By: Brian Teeman <brian@teeman.net>
Co-Authored-By: Brian Teeman <brian@teeman.net>
@infograf768 Would be the first spacer in that xml, and it does not look nice on small screens (mobile). So I leave that decision for later. |
@infograf768 The whole Global Settings would look better if the switchers and text fields and drop down selects all would have the same height. But that's another issue .. it just becomes very visible when I apply your suggestion so the "Verify .." switcher is right beside the "Connection Encryption" drop down on a large screen. |
Thanks @brianteeman for language strings review. |
I don't have step 1 configured. Performed step 2-4. Here is the error for step 4: |
@Quy Did you do step 3 composer update to get the latest version of the database framework package? |
Yes, |
@Quy Could you check composer.lock, if it contains same version as the one in this PR for the database package? |
@Quy If yes and composer.lock is ok, then it needs maybe a |
@Quy That error normally comes only when the database package is not up to date enough to have that function, like it was for me before I did the composer update. Could you try composer install? Maybe update does nothing if composer.lock is already updated? |
I just did
|
Here is from the Log:
|
Co-Authored-By: Brian Teeman <brian@teeman.net>
@andrepereiradasilva You are right that some information has to be documented somewhere. We have to do that at the help pages or on the docs wiki or both. The |
The documentation will happen if you write it - you guys are the best people to write it because you are the ones who understand it the most. Ideally any new feature should have documentation with it as a requirement before it can be finally merged |
@brianteeman I agree, but I would not be the ideal writer. @andrepereiradasilva knows the feature better than I do. Maybe we can do that together and I can put it on the wiki. For today I have to finish, gotta work tomorrow morning. And then I have primary focus still on database datetime stuff. Next weekend I could find time, I hope. We stay in contact, Andre. |
@twister65 and other potential testers: I've updated the patched full install zip package linked in the testing instructions for those who do not have a git repository clone with composer and so on. PR should be ready for testing now. |
@Quy please add the documentation required label |
It would be great to add a RFT (Ready For Test) label for Joomla's PRs 🤔 |
@twister65 Well, if I had known that it takes several iterations to make it ready for testing, I would have made this PR as draft PR first and then later at the end marked it as ready for review, which means "undraft". But if that happens too early, there is no way back to switch from normal PR back to draft, and so you are again where we are now. This switching back from draft to not draft is a functionality requested by users of GitHub but not implemented yet. |
I think texts should be ok now. Thanks @brianteeman for the reviews. |
@andrepereiradasilva I will try to find time on weekend to write some documentation. If not this weekend, then the next one. I'll ping you for a review at the end before I'll publish, but you shouldn't have much work with it. |
…yption-for-db-connections
Solved conflicts. |
Thanks! |
Updated section "Documentation Changes Required" of the description with what I think is necessary. |
Pull Request for Issue # .
Summary of Changes
Add option to global config to enable and configure data in transit encryption with TLS in MySQLi/PDO MySQL/PDO PostgreSQL drivers.
Add info about this encryption to sysinfo and privacy status module.
Update database framework package to the latest version which supports this feature.
Thanks to @andrepereiradasilva for the implementation of the support for this feature in the database framework (PRs joomla-framework/database#177 and joomla-framework/database#183) and for almost all of the code for this PR.
Testing Instructions
Pre-condition: Set up your database server to support encrypted connections.
Links to some helpful documentation:
Method 1 - this requires composer to be installed
Apply this Pull Request (PR) on an existing installation of a clean 4.0-dev, using the database server prepared in step 1.
Do a
composer update joomla/database
to update the database framework package to the latest version.
Login to backend and change database server in global config server tab from localhost to the full hostname (fqdn) of that server and make sure it can be accessed in that way. E.g. it might be necessary to add it to your hosts file or dns for proper name to ip resolving. The reason for this is that server certificates will normally not be made for localhost.
Check the System Information view.
Result: See section "Expected result" below.
Method 2 - use a patched nightly build
Download the nightly build package of today, October 12, 2019, patched with the changes of this PR plus the updated database package from framework here: https://test5.richard-fath.de/Joomla_4.0.0-alpha12-dev-Development-Full_Package_2019-10-14_pr-26375.zip.
Install Joomla with the package downloaded in step 1. When specifying the database server don't use localhost, use the full hostname (fqdn) of that server and make sure it can be accessed in that way. E.g. it might be necessary to add it to your hosts file or dns for proper name to ip resolving. The reason for this is that server certificates will normally not be made for localhost.
Check the System Information view.
Result: See section "Expected result" below.
Expected result
System Information
Privacy Status module
Global Configuration, tab "Server", section "Database Settings"
Actual result
Nothing of the above.
Documentation Changes Required
It needs at least to extend the documentation of the server section of Global Configuration, the Privacy Dashboard Module and the System Information view by the new fields.
In addition, documentation about setting up the particular kinds of encrypted server connections could be helpful.
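
For testers who want to confirm the database server prepared in the pre-condition really negotiates TLS, independent of the System Information view, the following check connects with server certificate verification and reports the session's TLS version and cipher. It is an added example, not code from this PR or from the Joomla database framework; it covers PDO MySQL only, and the environment variable names (DB_HOST, DB_USER, DB_PASS, DB_CA) are assumptions.

```php
<?php
// Added example, not Joomla code. Connection details are read from the
// environment; the variable names are assumptions made for this example.

/** Build PDO MySQL options for a TLS connection with server verification. */
function tlsOptions(string $caFile, bool $verifyServerCert): array
{
    return [
        PDO::ATTR_ERRMODE                      => PDO::ERRMODE_EXCEPTION,
        PDO::MYSQL_ATTR_SSL_CA                 => $caFile,
        // With verification on, the server certificate is checked against
        // $caFile and the host name in the DSN, so connect by FQDN and not
        // by "localhost".
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => $verifyServerCert,
    ];
}

/** Return TLS version and cipher of the session, or null if unencrypted. */
function sessionEncryption(PDO $pdo): ?array
{
    $sql  = "SHOW SESSION STATUS WHERE Variable_name IN ('Ssl_version', 'Ssl_cipher')";
    $rows = $pdo->query($sql)->fetchAll(PDO::FETCH_KEY_PAIR);

    // An empty Ssl_cipher means the session is not encrypted.
    if (empty($rows['Ssl_cipher'])) {
        return null;
    }

    return ['version' => $rows['Ssl_version'] ?? '', 'cipher' => $rows['Ssl_cipher']];
}

$host = getenv('DB_HOST') ?: '';
$user = getenv('DB_USER') ?: '';
$pass = getenv('DB_PASS') ?: '';
$ca   = getenv('DB_CA') ?: '';

if ($host === '' || $user === '' || $ca === '') {
    fwrite(STDERR, "Set DB_HOST (FQDN), DB_USER, DB_PASS and DB_CA (path to CA file)\n");
    exit(1);
}

try {
    $pdo = new PDO("mysql:host=$host", $user, $pass, tlsOptions($ca, true));
    $enc = sessionEncryption($pdo);
    echo $enc ? "Encrypted: {$enc['version']} {$enc['cipher']}\n" : "NOT encrypted\n";
} catch (PDOException $e) {
    // A certificate or host name mismatch surfaces here as a connection error.
    echo "Connection failed: {$e->getMessage()}\n";
}
```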