Connecting Rev stack to On-Rev mySQL DB?

Andre Garzia andre at andregarzia.com
Fri Mar 26 11:58:40 EDT 2010


Kay,

I think that the safest method is:

a) Use a server side RevServer file to do all your database routines. Never
talk directly to the database but instead, talk to your RevServer
middleware.

b) Make it so that your client application and your RevServer middleware do
some kind of special handshake to recognize each other.

c) Use HTTPS for all communication between client and server (so that Evil
H4ck3r will not sniff you)

d) Make sure this handshake does not involve the same password as the db
password (I am guilty of doing this once)

To create the RevServer part, you might want to check out
http://revIgniter.com or http://hg.andregarzia.com/revSparkle (soon to be
renamed revSpark as per Kee's suggestion) which are both web frameworks that
will make your life easier.

Cheers
andre

On Fri, Mar 26, 2010 at 12:20 PM, Devin Asay <devin_asay at byu.edu> wrote:

>
> On Mar 25, 2010, at 2:56 PM, Andre Garzia wrote:
>
>> John,
>>
>> check the allowed hosts on your control panel, add the % wildcard there.
>>
>> Cheers
>> andre
>> PS: Power grid failure over here, working on batts, sorry for the hushed
>> reply
>>
>
> This is in fact what I have done on my MySQL account to make db's
> accessible from outside my on-rev domain. Beyond that, the advice from
> Sarah, Andre, Kay, and Jim is valuable with regard to security issues.
>
> BTW, it's not obvious from the on-rev CPanel where to make the change to
> the allowed hosts. Under Databases click Remote MySQL. There you can add
> specific allowed IP addresses, DNS names, or the '%' wildcard.
>
> Devin
>
>
> Devin Asay
> Humanities Technology and Research Support Center
> Brigham Young University



-- 
http://www.andregarzia.com All We Do Is Code.
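
One way the handshake in points (b) to (d) could work, as an added example that is not part of the original post and is written in Python rather than RevServer script: the client signs each request with an HMAC over the method, path, body, a timestamp and a nonce, and the middleware checks it before touching the database. The secret value, header names and message layout are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import time

# Constructed value. It is deliberately not the database password (point d).
HANDSHAKE_SECRET = b"constructed-handshake-secret"
MAX_SKEW = 300  # seconds a signed request stays acceptable
# Header names and the signed message layout are assumptions for this example.

def _mac(secret, method, path, body, timestamp, nonce):
    # Bind the signature to the method, path, body, time and a one-time nonce.
    fields = [method.upper(), path, timestamp, nonce, hashlib.sha256(body).hexdigest()]
    return hmac.new(secret, "\n".join(fields).encode(), hashlib.sha256).hexdigest()

def sign_request(secret, method, path, body, now=None):
    """Client side: build the headers sent along with the HTTPS request."""
    timestamp = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    return {"X-Timestamp": timestamp, "X-Nonce": nonce,
            "X-Signature": _mac(secret, method, path, body, timestamp, nonce)}

class Middleware:
    """Server side: the only component that holds the database credentials."""
    def __init__(self, secret):
        self.secret = secret
        self.seen = {}  # nonce -> timestamp, kept only while the timestamp is fresh

    def verify(self, method, path, body, headers, now=None):
        now = time.time() if now is None else now
        try:
            timestamp, nonce = headers["X-Timestamp"], headers["X-Nonce"]
            signature, ts = headers["X-Signature"], int(timestamp)
        except (KeyError, ValueError):
            return False  # missing or malformed handshake headers
        if abs(now - ts) > MAX_SKEW:
            return False  # stale or far-future request
        expected = _mac(self.secret, method, path, body, timestamp, nonce)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return False  # wrong secret, or method/path/body changed in transit
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return False  # replay of a request already accepted
        self.seen[nonce] = ts
        return True
```

A secret shipped inside a client application can be extracted from it, so this check identifies the application rather than a user; it sits on top of HTTPS and any per-user login, not in place of them.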


