Add the TrustServerCertificate parameter for MS ODBC Driver #698

Closed
grieve54706 opened this issue Oct 3, 2024 · 2 comments

@grieve54706
Contributor

Is your feature request related to a problem? Please describe.
Yes, the current implementation of the MS ODBC Driver in wren-engine enforces server certificate validation by default. This default behavior causes connectivity issues for users who do not have server certificate validation enabled, preventing them from successfully establishing connections.

Describe the solution you'd like
Introduce the TrustServerCertificate parameter within the connectionInfo.kwargs JSON configuration. By setting "TrustServerCertificate": "YES", users can bypass the default server certificate validation, allowing them to connect using the MS ODBC Driver without encountering validation errors. This parameter will be passed to wren-engine, enabling the use of the updated driver configuration.

Describe alternatives you've considered

  • Disabling Certificate Validation Globally: While this would resolve the immediate connectivity issue, it compromises the security of the connection by exposing it to potential man-in-the-middle attacks.
  • Manual Configuration by Users: Requiring users to manually adjust their driver settings to disable certificate validation adds complexity and potential for misconfiguration, leading to inconsistent user experiences.
  • Providing Detailed Documentation: Enhancing documentation to guide users on how to disable certificate validation. However, this does not address the root cause and relies on users taking additional steps.

Additional context
Implementing the TrustServerCertificate parameter provides a flexible and secure way for users to opt in to bypassing certificate validation when necessary. This change ensures compatibility with environments where certificate validation is not feasible, without forcing all users to disable a critical security feature. Below is an example of the JSON configuration to be passed to wren-engine:

{
  "connectionInfo": {
    "kwargs": {
      "TrustServerCertificate": "YES"
    }
  }
}

This update will allow wren-engine to utilize the new driver settings seamlessly, enhancing the overall user experience and connectivity reliability.
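
Added example, not part of the issue and not wren-engine's own code: one way a connector could accept the `connectionInfo.kwargs` opt-in while keeping certificate validation on by default, allowing only the one keyword through, and logging every connection that turns validation off. The function name, the `host`/`port`/`database`/`user`/`password` field names and the "ODBC Driver 18 for SQL Server" driver name are assumptions.

```python
import logging

log = logging.getLogger("mssql_conn")

# Only these connectionInfo.kwargs keys are forwarded to the driver.
ALLOWED_KWARGS = {"trustservercertificate": "TrustServerCertificate"}
YES_NO = {"yes": "yes", "true": "yes", "no": "no", "false": "no"}


def _quote(value):
    # Brace-quote values so ';' or '=' inside them cannot add keywords.
    text = str(value)
    if any(c in text for c in ";{}="):
        return "{" + text.replace("}", "}}") + "}"
    return text


def build_conn_str(info):
    """Build an ODBC connection string from the inner connectionInfo object.
    Validation stays on unless this connection explicitly opts out."""
    parts = {
        "DRIVER": "{ODBC Driver 18 for SQL Server}",  # assumed driver name
        "SERVER": _quote(f"{info['host']},{info['port']}"),
        "DATABASE": _quote(info["database"]),
        "UID": _quote(info["user"]),
        "PWD": _quote(info["password"]),
        "Encrypt": "yes",
        "TrustServerCertificate": "no",  # secure default
    }
    for key, raw in (info.get("kwargs") or {}).items():
        name = ALLOWED_KWARGS.get(key.lower())
        if name is None:
            raise ValueError(f"unsupported kwargs key: {key!r}")
        value = YES_NO.get(str(raw).strip().lower())
        if value is None:
            raise ValueError(f"{key} must be YES or NO, got {raw!r}")
        parts[name] = value
    if parts["TrustServerCertificate"] == "yes":
        # Leave an audit trail for every connection that skips validation.
        log.warning("certificate validation disabled for %s", info["host"])
    return ";".join(f"{k}={v}" for k, v in parts.items())


if __name__ == "__main__":
    # Constructed sample input in the shape shown in the issue.
    sample = {"host": "db.example.internal", "port": 1433, "database": "sales",
              "user": "svc", "password": "example-only",
              "kwargs": {"TrustServerCertificate": "YES"}}
    print(build_conn_str(sample))
```

With `TrustServerCertificate=yes` the channel is still encrypted, but the server's identity is not verified, so the warning is what lets an operator find which connections have opted out.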

@himanshu634
Contributor

@wwwy3y3 Can I take this?

@wwwy3y3
Member

wwwy3y3 commented Oct 4, 2024

@himanshu634 assigned!
