advice on a Rev-plus-internet setup (off-topic)

viktoras didziulis viktoras at ekoinf.net
Sat Jan 5 06:07:47 EST 2008


Hi Nicolas,

Leaving an open port for remote access to any database would it be MySQL 
or Postgress is considered a serious web server security breach and most 
providers are aware about this. Besides your data would never be secure 
on such an open system - anyone that is able to sniff your password can 
drop all your tables, and do even more harm... You should use a server 
side "relay" script which would ensure secure communication between the 
database and you application by filtering all the input and stopping any 
potentially dangerous strings. This also allows database-enabled 
application to be distributed without MySQL drivers, so you won't owe 
anything to MySQL AB.

A while ago a simple relay script written in Perl was posted to this 
list - see archives (October 3, 2007) look for the thread 'serverside 
"relay" script'. It can also be implemented in PHP or any other 
server-side scripting language.

Best wishes
Viktoras



Nicolas Cueto wrote:
>>  However, how are the
>> text files maintained now?  Since you can use get URL <textfile> the
>> same as reading a file on the (file) server, it seems to me that it
>> could be as simple as adding the characters "URL" to your get/put
>> instructions.
>>     
>
> Thanks for the reply.
>
> I had thought about using get/put URL if I continued to rely on txt
> files.
> I'll give it a try.
>
> But the reason I was thinking databases instead was the possibility
> of several users getting/putting information simultaneously thru the
> server.
>
> So, with this in mind, back onto the topic of databases...
>
> After looking around the RunRev archives, one unexpected thing
> came up. It seems that because licensing is an issue, some members
> have suggested PostgreSQL over MySQL, given the former's clearly
> stated (and free!) licensing policy.
>
> Another thing I learnt from the archives (and from experience with
> my current web host) is that connecting remotely to a database
> is not popular among web hosts. They seem to prefer online management.
>
> One web host that does allow remote access, and which is repeatedly
> recommended by Rev users is Dreamhost. But, their set up is only
> MySQL.
>
> So, my next question is, would anyone care to recommend a webhost
> that allows remote connections (via Rev, of course!) to a PostgreSQL
> database?
>
> Cheers,
>
> Nicolas Cueto
>
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
>
>
>   




More information about the use-livecode mailing list