From 1cfc415b7a72b6d78414f50116c0714329f2015c Mon Sep 17 00:00:00 2001 From: Razvan Becheriu Date: Wed, 9 Jul 2025 18:19:33 +0300 Subject: [PATCH] [#3927] updated documentation --- doc/sphinx/arm/database-connectivity.rst | 2 ++ doc/sphinx/arm/security.rst | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/sphinx/arm/database-connectivity.rst b/doc/sphinx/arm/database-connectivity.rst index 7087dc0ce4..e50dcff96d 100644 --- a/doc/sphinx/arm/database-connectivity.rst +++ b/doc/sphinx/arm/database-connectivity.rst @@ -101,3 +101,5 @@ Currently the support for each database is: - PostgreSQL supports the whole set, except ``cipher-list``, additional configuration must be done in the client library (libpq). Anything else must be done in the PostgreSQL local configuration. + +For more details about securing the database connection, see :ref:`sec-database-connection`. diff --git a/doc/sphinx/arm/security.rst b/doc/sphinx/arm/security.rst index 9605e2b4d0..ae856e4e3f 100644 --- a/doc/sphinx/arm/security.rst +++ b/doc/sphinx/arm/security.rst @@ -357,6 +357,8 @@ Limiting user permission to read or write the Kea configuration file is an impor ``config-write`` command) to the same directory as the config file used when starting Kea (passed as a ``-c`` argument). +.. _sec-database-connection: + Securing Database Connections ----------------------------- @@ -371,7 +373,7 @@ in the configuration file.** Depending on the database configuration, it is also possible to verify whether the system user matches the database username. Consult the MySQL or PostgreSQL manual for details. -Kea supports client TLS settings for MySQL database and it must be +Kea supports client SSL/TLS settings for MySQL database and it must be configured explicitly for all used connections (configuration, reservations, leases, forensic logging).