Tiberius
A native Microsoft SQL Server (TDS) client for Rust.
Supported SQL Server versions
Version | Support level | Notes |
---|---|---|
2019 | Tested on CI | |
2017 | Tested on CI | |
2016 | Should work | |
2014 | Should work | |
2012 | Should work | |
2008 | Should work | |
2005 | Should work | With feature flag tds73 disabled. |
Documentation
The system should work with the Docker and Azure versions of SQL Server without trouble. For installing with Windows systems, please don't forget the following things:
Feature flags
Flag | Description | Default |
---|---|---|
tls |
Enables TLS support. | enabled |
chrono |
Support for Chrono's datetime structures. | enabled |
tds73 |
Support for new date and time types in TDS version 7.3. Disable if using version 7.2. | enabled |
rust_decimal |
Read and write numeric /decimal values using rust_decimal 's Decimal . |
disabled |
Enable TCP for SQL Server
As of now only TCP is supported, which is disabled by default.
Make sure to enable TCP in your MSSQL
settings.
Encryption (TLS/SSL)
a) Make sure to use a trusted certificate
Make sure the certificate your using is trusted by your local machine.
To create a self-signed certificate that is trusted you can use the following powershell:
$cert = New-SelfSignedCertificate -DnsName $serverName,localhost -CertStoreLocation cert:\LocalMachine\My
$rootStore = Get-Item cert:\LocalMachine\Root
$rootStore.Open("ReadWrite")
$rootStore.Add($cert)
$rootStore.Close();
You also have to change the certificate in the SQL Server settings.
In a production setting you likely want to use a certificate that is issued by a
CA.
b) Disable certificate validation by using TrustServerCertificate=true
in your connection string (requires 0.2.2)
c) Alternatively: Disable Encryption for LOCALHOST
For a connection to localhost, which will never leave your machine, it's safe to disable encryption.
Currently this is only possible by doing someting like the following in your cargo.toml
:
= { = "0.X", =false, =["chrono"] }
This will disable encryption for your ENTIRE crate
Securing Windows Authentication over TCP (non-localhost)
To ensure Windows-Authentication
is secure, enable Extended-Protection
.
Channel-Bindings only work when Force Encryption
and Extended Protection
are enabled in the SQL Server Settings as described here.
It also leads to SPN's being used, which makes replay attacks harder.
Not supported yet.
SQL Type Mappings
Any nullable type should be accessed as Option<T>
where T is any Rust Type
listed below. This table unfortunately still is very incomplete, if you have a
question about a specific type please create an issue, which will make this
table grow.
SQL Type | Rust Type | Feature | |
---|---|---|---|
NVARCHAR, BigVarChar | &str | ||
uniqueidentifier | tiberius::ty::Guid | ||
DATETIME | tiberius::ty::DateTime | ||
DATETIME2 | tiberius::ty::DateTime2 | ||
DATETIME,DATETIME2 | chrono::NaiveDateTime | chrono | Support for versions below 7.4 (to 7.2 so that everything >= SQL Server 2008 works) is desired. |
Supported Connection String Parameters
Not every parameter is supported yet. Below is a list of all parameters supported.
Parameters | Description |
---|---|
server | The name or network address of the instance of SQL Server to which to connect. The port number can be specified after the server name. |
integratedsecurity | Toggle between Windows authentication and SQL authentication. |
uid, username, user | The SQL Server login account. |
password, pwd | The password for the SQL Server account logging on. |
database | The name of the database. |
trustservercertificate | Specifies whether the driver trusts the server certificate when connecting using TLS. |
encrypt | Specifies whether the driver uses TLS to encrypt communication. |
Old State (v0.1)
The old state can be found in the "old" branch (click me)