Any HTTPS certificate details specified in the OData Server configuration file only apply to the embedded HTTP server. For more information about how HTTPS certification is handled through an alternative HTTP server, see the HTTP server documentation.

It is recommended that you always use SSL in production deployments.

All traffic between the OData Producer and clients is transmitted in plain text, including user IDs and passwords, when the SSLKeyStore option is not specified in the OData Server configuration file. This option is not specified in default configurations.

When using the OData Producer to query a SQL Anywhere version 12 or earlier database, all database objects are exposed. They are not filtered based on user credentials.

The database server returns an error when you attempt to access an object without the appropriate database privilege.

• How to configure the OData Server
• OData Server utility (dbosrv16.exe)
•  http://www.odata.org/documentation/IndexV2
•  http://wiki.eclipse.org/Jetty
•  http://docs.codehaus.org/display/JETTY/Jetty+Wiki