SECURITY_CONFIG_CHECK
Returns the status of various security-related parameters. Use this function to verify completeness of your TLS configuration.
Syntax
SECURITY_CONFIG_CHECK( 'db-component' )
Parameters
db-component
|
The component to check. Currently,
|
Example
In this example, SECURITY_CONFIG_CHECK shows that spread encryption and data channel TLS are disabled because EncryptSpreadComm is disabled and the data_channel TLS CONFIGURATION is not configured.
Similarly, client-server TLS is disabled because the TLS CONFIGURATION "server" has a server certificate, but its TLSMODE is disabled. Setting TLSMODE to 'Enable' enables server mode client-server TLS. See TLS Protocol for details.
=> SELECT SECURITY_CONFIG_CHECK('NETWORK'); SECURITY_CONFIG_CHECK ---------------------------------------------------------------------------------------------------------------------- Spread security details: * EncryptSpreadComm = [] Spread encryption is disabled It is NOT safe to set/change other security config parameters while spread is not encrypted! Please set EncryptSpreadComm to enable spread encryption first Data Channel security details: TLS Configuration 'data_channel' TLSMODE is DISABLE TLS on the data channel is disabled Please set EncryptSpreadComm and configure TLS Configuration 'data_channel' to enable TLS on the data channel Client-Server network security details: * TLS Configuration 'server' TLSMODE is DISABLE * TLS Configuration 'server' has a certificate set Client-Server TLS is disabled To enable Client-Server TLS set a certificate on TLS Configuration 'server' and/or set the tlsmode to 'ENABLE' or higher (1 row)