cancel
Showing results for 
Search instead for 
Did you mean: 

How do I set up a TYPE RAW web service to use HTTPS?

Breck_Carter
Participant
2,987

I have a number of TYPE RAW HTTP web services in SQL Anywhere 11, defined thusly:

CREATE SERVICE service_name TYPE 'RAW'
   AUTHORIZATION OFF USER user_name
   AS CALL procedure_name ( 
      :parameter1,  
      :parameter2 ); 

I would like to enable the use of HTTPS when connecting from a browser.

What do I have to code...

  • in the CREATE SERVICE statement,
  • on the dbsrv11 command line, and
  • in the browser URL?

Will I still be able to use HTTP by (for example) restarting the server with different parameters, without having to recompile the CREATE SERVICE?

Accepted Solutions (1)

Accepted Solutions (1)

MarkCulp
Participant

You must first add SECURE ON to your web service declaration to ensure that only HTTPS is used to access it. Without SECURE ON the web service can be used by both HTTP and HTTPS connections. E.g.

CREATE SERVICE service_name TYPE 'RAW'
   AUTHORIZATION OFF USER user_name SECURE ON
   AS CALL procedure_name ( 
      :parameter1,  
      :parameter2 ); 

You must also start the database server with the -xs HTTPS switch and specify a certificate using the identity and identity_password options. E.g.

dbsrv12 -xs https{Identity=certificate.id;Identity_Password=mypw} mydb.db

To use your web service from a browser, simply specify the HTTPS URL to the web service. E.g.

https://localhost/service_name

or, if you are running more than one database on your database server (and you did not specify the DBN option in the -xs https parameter), you will need to specify the database name in your URL. E.g.

https://localhost/mydb/service_name

If you started the server and gave a different port number (e.g. -xs https{port=1234,...etc...}) then you will need to give the port number in the browser URL. Note the default for HTTPS is 443. E.g. If port=1234 was specified, use:

https://localhost:1234/mydb/service_name

You can read more about this in the SA 12 documentation.

Breck_Carter
Participant
0 Kudos

What if I omit SECURE ON, but start the engine with only -xs https? Will client browsers be able to use HTTP? I am hoping to be able to switch between http and https be only restarting the server, not making code changes (SECURE ON).

MarkCulp
Participant

Yes, if SECURE ON is omitted from the web service declaration and the server is started with -xs http{...},https{...} then the web service can be used from both HTTP and HTTPS connections. Without SECURE ON, if the server is started with -xs http{...} then the web service can be used from HTTP connections and if the server is started with -xs https{...} then the web service can be used from HTTPS connections. No web service definition changes are required.

Breck_Carter
Participant

Once again, "Watcom Does Things The Way They Should Be Done"

Breck_Carter
Participant

To summarize: If you have control over the dbsrv command line (i.e., you control whether the -xs option includes http or just specifies https) then NO SQL CHANGES are required to implement HTTPS. Just get a certificate and code the -xs option. Woohoo!

Baron
Participant
0 Kudos

@mark culp, in case I am starting more than one database under the same database server, is there then a way to allocate a different port for each database? -xs http(port=1234)

VolkerBarth
Contributor
0 Kudos

Wow, you're commenting on a ten year old comment? 🙂

Of course that's fine but I guess it would also qualify as a question on its own.

Breck_Carter
Participant

I'm guessing "no"... -xs is a server option, not a database option.

That leads to these questions:

Will HTTP requests be routed by service name to different databases if different CREATE SERVICE names are used? I'm guessing "yes" because it makes sense... but that might not be what you want.

Is it possible to CREATE SERVICE the same name in two different databases running on the same server? I'm guessing "no"... and that might be what you want to do: use port number to route requests to separate but identical databases on one server.

Investigating that sounds like fun, right, Volker?

VolkerBarth
Contributor
0 Kudos

@Breck: Now I feel unmasked! 🙂

VolkerBarth
Contributor

I guess we have overlooked that detail from Mark's answer:

if you are running more than one database on your database server (and you did not specify the DBN option in the -xs https parameter)...

According to the docs, you can use the "DBN protocol option" within the -xs option to specify either a particular database name or specify whether the client's URL must include the database name it wants to use... That also means IMVHO that different databases on the same server can use web services with the same name - you simply have to specify the DBN then either in that option or the client's URL.

Baron
Participant

@volker bath Thank you!

DBN PROTOCOL OPTION is exactly what I wanted to have! it worked also with SQL ANYWHERE 10

I started one service which starts one Server and under this server I have several databases, and in each of these databases I have the same Webservice, so that by calling the webservice (with same name) I can (with the use of Port number) differentiate with which Database I want to connect

VolkerBarth
Contributor

Well, the real credit should go to @Mark Culp because he has told about that feature (see above), and I'm pretty sure he was responsible for the development of that feature back then, too.

Baron
Participant
0 Kudos

Thank you both, @volker barth & @mark culp

Answers (0)