Documentation Home
MySQL Connector/J 5.1 Developer Guide
Related Documentation Download this Manual
PDF (US Ltr) - 0.6Mb
PDF (A4) - 0.6Mb


5.3.4 Security

  • allowMultiQueries

    Allow the use of ';' to delimit multiple queries during one statement (true/false), defaults to 'false', and does not affect the addBatch() and executeBatch() methods, which instead rely on rewriteBatchedStatements.

    Default Value false
    Since Version 3.1.1
  • useSSL

    Use SSL when communicating with the server (true/false), default is 'true' when connecting to MySQL 5.5.45+, 5.6.26+, or 5.7.6+, otherwise default is 'false'

    Default Value false
    Since Version 3.0.2
  • requireSSL

    Require server support of SSL connection if useSSL=true? (defaults to 'false').

    Default Value false
    Since Version 3.1.0
  • verifyServerCertificate

    If "useSSL" is set to "true", should the driver verify the server's certificate? When using this feature, the keystore parameters should be specified by the "clientCertificateKeyStore*" properties, rather than system properties. Default is 'false' when connecting to MySQL 5.5.45+, 5.6.26+, or 5.7.6+ and "useSSL" was not explicitly set to "true". Otherwise default is 'true'

    Default Value true
    Since Version 5.1.6
  • clientCertificateKeyStoreUrl

    URL to the client certificate KeyStore (if not specified, use defaults)

    Since Version 5.1.0
  • clientCertificateKeyStoreType

    KeyStore type for client certificates (NULL or empty means use the default, which is "JKS". Standard keystore types supported by the JVM are "JKS" and "PKCS12", your environment may have more available depending on what security products are installed and available to the JVM.

    Default Value JKS
    Since Version 5.1.0
  • clientCertificateKeyStorePassword

    Password for the client certificates KeyStore

    Since Version 5.1.0
  • trustCertificateKeyStoreUrl

    URL to the trusted root certificate KeyStore (if not specified, use defaults)

    Since Version 5.1.0
  • trustCertificateKeyStoreType

    KeyStore type for trusted root certificates (NULL or empty means use the default, which is "JKS". Standard keystore types supported by the JVM are "JKS" and "PKCS12", your environment may have more available depending on what security products are installed and available to the JVM.

    Default Value JKS
    Since Version 5.1.0
  • trustCertificateKeyStorePassword

    Password for the trusted root certificates KeyStore

    Since Version 5.1.0
  • enabledSSLCipherSuites

    If "useSSL" is set to "true", overrides the cipher suites enabled for use on the underlying SSL sockets. This may be required when using external JSSE providers or to specify cipher suites compatible with both MySQL server and used JVM.

    Since Version 5.1.35
  • enabledTLSProtocols

    If "useSSL" is set to "true", overrides the TLS protocols enabled for use on the underlying SSL sockets. This may be used to restrict connections to specific TLS versions.

    Since Version 5.1.44
  • allowLoadLocalInfile

    Should the driver allow use of 'LOAD DATA LOCAL INFILE...'?

    Default Value false
    Since Version 3.0.3
  • allowUrlInLocalInfile

    Should the driver allow URLs in 'LOAD DATA LOCAL INFILE' statements?

    Default Value false
    Since Version 3.1.4
  • allowPublicKeyRetrieval

    Allows special handshake roundtrip to get server RSA public key directly from server.

    Default Value false
    Since Version 5.1.31
  • paranoid

    Take measures to prevent exposure sensitive information in error messages and clear data structures holding sensitive data when possible? (defaults to 'false')

    Default Value false
    Since Version 3.0.1
  • passwordCharacterEncoding

    What character encoding is used for passwords? Leaving this set to the default value (null), uses the value set in "characterEncoding" if there is one, otherwise uses UTF-8 as default encoding. If the password contains non-ASCII characters, the password encoding must match what server encoding was set to when the password was created. For passwords in other character encodings, the encoding will have to be specified with this property (or with "characterEncoding"), as it's not possible for the driver to auto-detect this.

    Since Version 5.1.7
  • serverRSAPublicKeyFile

    File path to the server RSA public key file for sha256_password authentication. If not specified, the public key will be retrieved from the server.

    Since Version 5.1.31