Proxy Software For Macos

Posted on  by 

The Snowflake ODBC driver utilizes both configuration and connection parameters. The methods for setting the parameters are different depending on the environment in which the driver is installed.

In this Topic:

SquidMan is a MacOS X graphical installer and manager for the Squid proxy cache. It is designed to operate as a 'personal' proxy server. When you run Squid on a MacOS X computer, it can: cache downloaded content, reducing network traffic and improving browsing performance on slow links; act as a proxy server for other computers on your subnet.

Setting Parameters in Windows¶

In Windows:

  • Configuration parameters are set in the Windows registry using regedit and the following registry path:

  • Connection parameters are set in Data Source Names (DSNs):

    • DSNs are typically created and edited using the Windows Data Source Administration tool.

    • If you wish, the registry keys for DSNs can be edited directly in the Windows registry using regedit. The registry path to the keys is different depending on whether you’re using 64-bit and32-bit Windows and whether you’re editing a user or system DSN:

      • 64-bit Windows:

      • 32-bit Windows:

      To add a connection parameter using regedit, add a new String Value, double-click on the value you created, then enter the ODBC parameter as the Value name and the parameter valueas the Value data.

Setting Parameters in macOS or Linux¶

In macOS or Linux:

  • Configuration parameters are set in the configuration file (simba.snowflake.ini).

  • Connection parameters are set in the data source name (DSN) file (odbc.ini).

Configuration Parameters¶

LogLevel

Specifies the level of detail logged for clients that use the ODBC driver:

LogPath

Specifies the location of the Snowflake log files for clients that use the ODBCdriver.

CURLVerboseMode

Set to true to enable cURL verbose logging. The log file snowflake_odbc_curl.dmp is created and updated. The Snowflake ODBC driver uses cURL as the HTTP and SSL library. This parameteris useful for diagnosing network issues.

Proxy

Specifies a proxy server in the form of <host>:<port> for clients that use the ODBC driver.

Note

In Windows, entries for LogLevel and LogPath are created and populated with default values when the ODBCdriver is installed; however, an entry for Proxy is not created during install. To specify a proxy to use with the driver,you must manually add the entry to the driver registry key.

To bypass the proxy for one or more IP addresses or URLs, add the NoProxy parameter.

NoProxy

Specifies the hostname patterns to bypass the proxy server (e.g. .amazonaws.com to bypass Amazon S3 access).

Note

The Snowflake ODBC driver passes the NoProxy value to the curl option CURLOPT_NOPROXY. The format of the NoProxy value can be foundhere.

CABundleFile

Set the location of the Certificate Authority (CA) bundle file. Must reference a file that includes a valid list of CA certificates.

For Linux, the RPM and DEB installers automatically copy the file and set this parameter.

For Mac, the PKG installer copies the file and sets this parameter.

For Windows, the MSI installer copies the file and sets this parameter.

A manual installation requires you to download the file from https://curl.haxx.se/docs/caextract.html and set the location of the file.

DisableOCSPCheck

Set to true to disable the TLS/SSL certificate revocation status check by the Online Certificate Status Protocol (OCSP). In normal circumstances, this flag should not set. But if the OCSPavailability problem persists, the application might temporarily set this parameter in order to unblock connectivity issues and remove it when the OCSP availability problem is addressed.

KeepLeadingTrailingZeros

Determines how leading or trailing zeros in numbers formatted as string values are handled. By default, the parameter is set to true,which means the driver retains any leading or trailing zeros. Set the parameter to false to remove leading or trailing zeros, for example:

  • 0.23 is changed to .23

  • 7.00 is changed to 7

Connection Parameters¶

Required Connection Parameters¶

<name> (Data Source)

Specifies the name of your DSN.

uid (User)

Specifies the login name of the Snowflake user to authenticate.

pwd (Password)

A password is required to connect to Snowflake; however, for security and authentication reasons, Snowflake strongly discourages storing password credentials directly within any DSN definition.

Typically, the credentials are passed to the driver programmatically by the client application that is attempting to connect to Snowflake.

Note

In Windows, the ODBC driver displays a Password field in the Data Source Administration tool; however, the driver does not store any values entered in the field. Instead, the driverrequires login credentials to be provided at connection time.

server (Server)

Specifies the hostname for your account in the following format:

account_name.snowflakecomputing.com

However, note that your full account name might include additional segments that identify the region andcloud platform where your account is hosted.

If your account name is xy12345:

Cloud Platform / Region

Full Account Name

AWS

xy12345

xy12345.us-east-2.aws

xy12345.us-east-1

xy12345.us-east-1-gov.aws

xy12345.ca-central-1.aws

xy12345.eu-west-1

xy12345.eu-central-1

xy12345.ap-northeast-1.aws

xy12345.ap-south-1.aws

xy12345.ap-southeast-1

xy12345.ap-southeast-2

GCP

xy12345.us-central1.gcp

xy12345.europe-west2.gcp

xy12345.europe-west4.gcp

Azure

xy12345.west-us-2.azure

xy12345.east-us-2.azure

xy12345.us-gov-virginia.azure

xy12345.canada-central.azure

xy12345.west-europe.azure

xy12345.switzerland-north.azure

xy12345.southeast-asia.azure

xy12345.australia-east.azure

Important

If either of the following conditions is true, your account name is different than the structure described in thisexample:

  • If your Snowflake Edition is VPS, please contactSnowflake Support fordetails about your account name.

  • If AWS PrivateLink is enabled for your account, your account name requires an additional privatelink segment.For more details, see AWS PrivateLink & Snowflake.

port (Port)

Specifies the port on which the driver listens for Snowflake communication.

Note

You do not need to change the default Port value of 443.

Optional Connection Parameters¶

database (Database)

Specifies the default database to use for sessions initiated by the driver.

schema (Schema)

Specifies the default schema to use for sessions initiated by the driver.

Default is public.

warehouse (Warehouse)

Specifies the default warehouse to use for sessions initiated by the driver.

role (Role)

Specifies the default role to use for sessions initiated by the driver. The specified role should be a role that has been assigned to the specified user for the driver. If the specified role does notmatch any of the roles assigned to the user, sessions initiated by the driver have no role initially; however, a role can always be specified from within the session.

tracing (Tracing)

The level of detail to be logged in the driver trace files:

0 = Disable tracing

1 = Fatal only error tracing

2 = Error tracing

3 = Warning tracing

4 = Info tracing

5 = Debug tracing

Facebook messenger for macos. At the time, Facebook said that its unified chat service is going to be a few years away, but it’ll be end-to-end encrypted, just like WhatsApp.

6 = Detailed tracing

Additional Connection Parameters¶

Note

In Windows, these additional connection parameters can be set in the Windows Registry using regedit.

In macOS or Linux, they are set in the odbc.ini file, similar to the rest of the connection parameters.

application

Snowflake partner use only: Specifies the name of a partner application to connect through ODBC.

This parameter can also be set by calling the SQLSetConnectAttr() function. For more details, seeSnowflake-specific behavior of the SQLSetConnectAttr function.

authenticator

Specifies the authenticator to use for verifying user login credentials:

  • snowflake (Default) to use the internal Snowflake authenticator.

  • externalbrowser to use your web browser to authenticate with Okta, ADFS, or any other SAML 2.0-compliant identify provider (IdP) that has been defined for your account.

  • https://<your_okta_account_name>.okta.com (i.e. the URL endpoint for Okta) to authenticate through native Okta (only supported if your IdP is Okta).

    Aug 31, 2018  Simply download the Mojave software again but point it to the same location where you were already downloading and saving the installer app. Part 3: Create a Bootable Mojave USB Drive. In order to create a bootable Mojave USB Installer drive, follow these steps. Step 1: Insert 16GB or above USB drive into your USB port of your Mac. Mac mojave force port 80 for browsersync. Apr 24, 2020  Mac Pro introduced in 2013, plus mid-2010 or mid-2012 models with a recommended Metal-capable graphics card. To find your Mac model, memory, storage space, and macOS version, choose About This Mac from the Apple menu. If your Mac isn't compatible with macOS Mojave, the installer will let you know.

  • oauth to authenticate using OAuth. When OAuth is specified as the authenticator, you must also set the token parameter to specify the OAuth token (see below).

Default is snowflake.

For more information on authentication, see Managing/Using Federated Authentication and OAuth with Clients, Drivers, and Connectors.

token=<string>

Specifies the OAuth token to use for authentication, where <string> is the token. This parameter is required only when the authenticator=oauth parameter is set.

Default is none.

passcode

Specifies the passcode to use for multi-factor authentication.

For more information about multi-factor authentication, see Multi-Factor Authentication (MFA).

passcodeInPassword

Specifies whether the passcode for multi-factor authentication is appended to the password:

  • on (or true) specifies the passcode is appended.

  • off (or false Best gameboy advance emulator mac. ) or any other value specifies the passcode is not appended.

The default value is off.

login_timeout

Specifies how long to wait for a response when connecting to the Snowflake service before returning a login failure error.

Default is 60 seconds.

network_timeout

Specifies how long to wait for a response when interacting with the Snowflake service before returning an error. Zero (0) indicates no network timeout is set.

Default is 0 seconds.

query_timeout

Specifies how long to wait for a query to complete before returning an error. Zero (0) indicates to wait indefinitely.

Default is 0 seconds.

odbc_use_standard_timestamp_columnsize

This boolean parameter affects the column size (in characters) returned for SQL_TYPE_TIMESTAMP.When this parameter is set to true, the driver returns 29, following the ODBC standard. When this parameter is setto false, the driver returns 35, which allows room for the timezone offset (e.g. “-08:00”).

This value can be set via not only the odbc.ini file (Linux or macOS) or the MS-Windows registry, but also theconnection string.

Default is false.

proxy

Specifies the proxy server URL in the format http://<hostname>:<port>/ or <hostname>:<port_number> so that all communications from ODBC use the proxy server.

Note

This parameter is applied to the process. If another connection shares the same process, the proxy setting must be identical or the behavior is not predictable.

no_proxy

Specifies which hostname endings should be allowed to bypass the proxy server (e.g. no_proxy=.amazonaws.com means that Amazon S3 access does not need to go through the proxy).

ProxyProxy software for macos download

This parameter does not support wildcards. Each value specified should be one of the following:

  • The end of a hostname (or a complete hostname), for example:

  • An IP address, for example:

    • 192.196.1.15

If more than one value is specified, values should be separated by commas, for example:

Note

This parameter is applied to the process. If another connection shares the same process, the proxy setting must be identical or the behavior is not predictable.

Compilation Tips¶

Linux¶

  • If a C/C++ application is built with the Snowflake ODBC driver library and loads a non-pthread-compatiblelibrary, the application could crash due to unsafe concurrent access to shared memory. To prevent this,compile the application with the option which ensures that only pthread-compatible libraries are loadedwith the application.

    For gcc/g++, the option is “-pthread”.

macOS¶

  • If a C/C++ application is built with the Snowflake ODBC driver library and loads a non-pthread-compatiblelibrary, the application could crash due to unsafe concurrent access to shared memory. To prevent this,compile the application with the option which ensures that only pthread-compatible libraries are loadedwith the application.

    For clang/clang++, the option is “-pthread”.

Verifying the Network Connection to Snowflake with SnowCD¶

Macos Proxy Bypass

After configuring your driver, you can evaluate and troubleshoot your network connectivity to Snowflake using SnowCD.

You can use SnowCD during the initial configuration process and on-demand at any time to evaluate and troubleshoot your network connection to Snowflake.

Connecting Through a Proxy Server¶

The instructions for configuring a proxy server connection depend on your operating system and driver version:

Operating System

Driver Version

Supported Instructions

Linux

2.16.0 (released May 3, 2018) or higher

2.13.18 (released February 7, 2018) - 2.15.0 (released April 30, 2018)

2.13.17 or lower

macOS

2.16.0 (released May 3, 2018) or higher

2.14.0 (released March 28, 2018) - 2.15.0 (released April 30, 2018)

2.13.21 or lower

Windows

2.16.0 (released May 3, 2018) or higher

2.15.0 (released April 30, 2018)

2.14.0 or lower

Note

The latest versions of ODBC driver, indicated above, support any of the listed configuration options. The options are listedin the order of precedence. If more than one option is defined, the setting with the highest precedence is applied.

Using Connection Parameters¶

To connect through a proxy server, add the following connection parameters to the DSN:

  • proxy

  • no_proxy

For example:

See Connection Parameters for parameter descriptions.

Using Configuration Parameters¶

Note

These parameters are obsoleted (i.e. no longer supported) in recent ODBC driver versions. See the table of supported options inConnecting Through a Proxy Server. As you upgrade your driver, configure your proxy server settings using the environment variablesor connection parameters.

To connect through a proxy server, add the following configuration parameters:

  • Proxy

  • NoProxy

See Configuration Parameters for parameter descriptions.

Proxy Software For Macos Windows 10

Using Environment Variables¶

To connect through a proxy server, configure the following environment variables:

  • http_proxy

  • https_proxy

  • no_proxy

Note

These environment variables are case-sensitive for Linux and macOS, and must be set in lowercase. For Windows, the environment variables are case-insensitive.

For example:

  • Linux or macOS:

    If the proxy server requires a user name and password, include the credentials, for example:

  • Windows:

    If the proxy server requires a user name and password, include the credentials, for example:

Optionally, you can set no_proxy to bypass the proxy for specific communications (e.g. no_proxy=.amazonaws.com to bypass Amazon S3 access).

Using Single Sign-on (SSO) For Authentication¶

If you have configured Snowflake to use single sign-on (SSO), you can configureyour client application to use SSO for authentication. See Using SSO with Client Applications That Connect to Snowflake for details.

Using Key Pair Authentication¶

Snowflake supports using key pair authentication rather than the typical username/password authentication. This authentication method requires a 2048-bit (minimum) RSA key pair. Generate the public-private key pair using OpenSSL. The public key is assigned to the Snowflake user who will use the Snowflake client.

Tip

Snowflake recommends using a long and complex password based on PCI DSS standards to protect the locally generated private key.

Follow these steps to generate a long and complex password based on PCI DSS standards:

  1. Access the PCI Security Standards Document Library.

  2. For PCI DSS, select the most recent version and your desired language.

  3. Complete the form to access the document.

  4. Search for Passwords/passphrasesmustmeetthefollowing: and follow the recommendations for password/passphrase requirements, testing, and guidance.

  • Depending on the document version, you will likely find this phrase in a section called Requirement8:Identifyandauthenticateaccesstosystemcomponents (or similar name).

To configure the public/private key pair:

  1. From the command line in a terminal window, generate a private key.

    You can generate either an encrypted version of the private key oran unencrypted version of the private key.

    To generate an unencrypted version, use the following command:

    To generate an encrypted version, use the following command (which omits “-nocrypt”):

    It is typically safer to generate an encrypted version.

    If you use the second command to encrypt the private key, thenOpenSSL prompts for a passphrase used to encrypt the private key file. Werecommend using a strong passphrase to protect the private key. Record thispassphrase in a secure location. You will input it when connecting toSnowflake. Note that the passphrase is only used for protecting the privatekey and will never be sent to Snowflake.

  2. From the command line, generate the public key by referencing the private key:

    Assuming the private key is encrypted and contained in the file named “rsa_key.p8”, use the following command:

  3. Copy the public and private key files to a local directory for storage. Record the path to the files. Note that the private key is stored using the PKCS#8 (Public Key Cryptography Standards) formatand is encrypted using the passphrase you specified in the previous step; however, the file should still be protected from unauthorized access using the file permission mechanism provided by youroperating system. It is your responsibility to secure the file when it is not being used.

  4. Assign the public key to the Snowflake user using ALTER USER. For example:

    Note

    • Only security administrators (i.e. users with the SECURITYADMIN role) or higher can alter a user.

    • Exclude the public key header and footer in the SQL statement.

    Verify the user’s public key fingerprint using DESCRIBE USER:

    Note

    The RSA_PUBLIC_KEY_2_FP property is described in Key Rotation (in this topic).

  5. Modify the data source name (DSN) entries for the driver. For information about the DSN entries, see the appropriate topic for your operating system:

    Macos catalina steam games. MacOS on Steam Browse the newest, top selling and discounted macOS supported games New and Trending Top Sellers What's Being Played Upcoming Results exclude some products based on your preferences. Indie, Simulation, Action, Adventure. 12 Hours to Die.

    Add the following (case-sensitive) parameters:

    AUTHENTICATOR=SNOWFLAKE_JWT

    Specifies to authenticate the Snowflake connection using key pair authentication with JSON Web Token (JWT).

    JWT_TIME_OUT=integer

    Optional. Specifies the length of time Snowflake waits to receive the JWT (in seconds) before timing out. If that happens, authentication fails and the driver returns an InvalidJWTtoken error. To resolve repeated occurrences of the error, increase the parameter value. Default: 30

    PRIV_KEY_FILE=path/rsa_key.p8

    Specifies the local path to the private key file you created (i.e. rsa_key.p8).

    The value set in DSN can be overridden by calling the SQLSetConnectAttr() function. For more details, seeSnowflake-specific behavior of the SQLSetConnectAttr function.

    PRIV_KEY_FILE_PWD=<password>

    Specifies the passcode to decode the private key file.

    This parameter should be set only if the parameter PRIV_KEY_FILE is also set.

    The value set in DSN can be overridden by calling the SQLSetConnectAttr() function. For more details, seeSnowflake-specific behavior of the SQLSetConnectAttr function.

  6. Save the settings.

Key Rotation¶

Snowflake supports multiple active keys to allow for uninterrupted rotation. Rotate and replace your public and private keys based on the expiration schedule you follow internally.

Currently, you can use the RSA_PUBLIC_KEY and RSA_PUBLIC_KEY_2 parameters for ALTER USER to associate up to 2 public keys with a single user.

To rotate your keys:

  1. Complete the steps in Using Key Pair Authentication to:

    • Generate a new private and public key set.

    • Assign the public key to the user. Set the public key value to either RSA_PUBLIC_KEY or RSA_PUBLIC_KEY_2 (whichever key value is not currently in use). For example:

  2. Update the code to connect to Snowflake. Specify the new private key.

    Snowflake verifies the correct active public key for authentication based on the private key submitted with your connection information.

  3. Remove the old public key from the user profile. For example:

Verifying the OCSP Connector or Driver Version¶

Snowflake uses OCSP to evaluate the certificate chain when making a connection to Snowflake. The driver or connector version and its configuration both determine the OCSP behavior. For more information about the driver or connector version, their configuration, and OCSP behavior, see OCSP Configuration.

OCSP Response Cache Server¶

Note

The OCSP response cache server is currently supported by the Snowflake ODBC Driver 2.15.0 and higher.

Snowflake clients initiate every connection to a Snowflake service endpoint with a “handshake” that establishes a secure connection before actually transferring data. As part of the handshake, aclient authenticates the TLS/SSL certificate for the service endpoint. The revocation status of the certificate is checked by sending a client certificate request to one of the OCSP(Online Certificate Status Protocol) servers for the CA (certificate authority).

A connection failure occurs when the response from the OCSP server is delayed beyond a reasonable time. The following caches persist the revocation status, helping alleviate these issues:

  • Memory cache, which persists for the life of the process.

  • File cache, which persists until the cache directory (e.g. ~/.cache/snowflake or ~/.snowsql/ocsp_response_cache) is purged.

  • Snowflake OCSP response cache server, which fetches OCSP responses from the CA’s OCSP servers hourly and stores them for 24 hours. Clients can then request the validation status of a given Snowflakecertificate from this server cache.

    Important

    If your server policy denies access to most or all external IP addresses and web sites, you must whitelist the cache server address to allow normal service operation. The cache server hostnameis ocsp*.snowflakecomputing.com:80.

    If you need to disable the cache server for any reason, set the SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED environment variable to false. Note that the value is case-sensitive and mustbe in lowercase.

Mac

If none of the cache layers contain the OCSP response, the client then attempts to fetch the validation status directly from the OCSP server for the CA.

Coments are closed