On-Rev and PostgreSQL
Len Morgan
len-morgan at crcom.net
Tue Nov 17 15:59:14 EST 2009
I agree with you except there are cases where it IS necessary and
doesn't require SSL. I have a customer that has an in house network and
WAN (it covers about 60 locations around the US but all connections are
by VPN back to the corporate office). I don't have the luxury of having
an irev server on their web server for my revlet to talk to (in their
case it's an MS SQL database accessed using ODBC). I need to have the
revlet communicate with the DB directly and as I mentioned in my last
email, I haven't figured out how to include the necessary .dll to do
that from a revlet.
len
Pierre Sahores wrote:
> It's not realy safe to set up a postgreSQL nor MySQL on-rev backend as
> a remote bindable rdbms as long as direct communication with those db
> from the outside world without using an SSL, SHTTP or SSL tunnel will
> be unsecure.
>
> If we need to bind those backends without opening security holes in
> our processes (login/password transfert over the web, even as MD5
> hashes can be dangerous), the best to do is to have the revlet sending
> its requests to an irev script witch will query the rdbms in localhost
> mode and send back the result to the revlet.
>
> As long as i did'nt set any revlet-irev communication process for yet,
> i can't realy be realy helpfull about this part of the recommandation
> but if anyone need some irev-MySQL way to go, i can send some samples.
>
More information about the use-livecode
mailing list