File/FTP, JDBC, JMS, and Mail Adapters

Use

The common feature of adapters in this section is that the external protocol provides a generic data store. From this data store the data is read and transformed into an XI message on the inbound side, and to this data store the data contained in an XI message is written on the outbound side.

	File	FTP	JDBC	JMS	Mail
Data store	NFS file system	FTP server	JDBC database	JMS queuing system	Mail server
Access protocol	Specific to operating system or file system. May use operating system functions to secure access.	FTP/FTPS Secure FTP (FTPS) should be used if possible.	Specific to JDBC database provider. Access should be secured if supported by the provider.	Specific to JMS queuing system provider. Access should be secured if supported by the provider.	IMAP4, POP3, SMTP. All protocols should be secured with SSL. S/MIME and user authentication are supported.

File

FTP

JDBC

JMS

Mail

Data store

NFS file system

FTP server

JDBC database

JMS queuing system

Mail server

Access protocol

Specific to operating system or file system.

May use operating system functions to secure access.

FTP/FTPS

Secure FTP (FTPS) should be used if possible.

Specific to JDBC database provider.

Access should be secured if supported by the provider.

Specific to JMS queuing system provider.

Access should be secured if supported by the provider.

IMAP4, POP3, SMTP.

All protocols should be secured with SSL.

S/MIME and user authentication are supported.

Note

The FTP adapter is the variant of the File adapter in which the transport protocol of the corresponding channel of type File is set to FTP .

The connection to the data store is always established from the Advanced Adapter Engine; both read and write access are required for the inbound and the outbound side. The user who actually reads from or writes to the data store can be defined in the adapter-specific sender or receiver channel. The user can also be an anonymous technical user under which the AS Java process of the Advanced Adapter Engine is running.

Recommendation

If possible, the connection between the JMS server and the adapter should also be encrypted, if this is supported by the JMS client library. This depends on the messaging provider and the client library used and is not part of this documentation.

From a security perspective, only necessary authorizations should be given to these users (least privilege principle).

The following table summarizes the access data for the data store of both the sender inbound side and the receiver outbound side.

	File	FTP	JDBC	JMS	Mail
User on inbound side	AS Java process user	Configured in File (FTP) sender channel	Configured in JDBC sender channel	Configured in JMS sender channel	Configured in mail sender channel
User authority on data store	Read and write access to configured file/directory	Read and write access to configured file/directory	Read and write access to configured database tables	Read and write access to configured queues	imap4 or pop3 access rights for reading and deleting messages in the configured folder
User on outbound side	AS Java process user	Configured in File (FTP) receiver channel	Configured in JDBC receiver channel	Configured in JMS receiver channel	Configured in mail receiver channel
User authority on outbound side	Read and write access to configured file/directory	Read and write access to configured file/directory	Read and write access to configured database tables	Read and write access to configured queues	smtp or imap4 access rights for sending messages (smtp) or storing messages in the configured folder (imap4)

Providing Credentials for Database Access in the JDBC Adapter

Use the fields in the JDBC adapter configuration to provide user name and password for database access. Do not provide the credentials in the connection address because they might get written to the audit log in plain text.

More information