on-rev remote database

Pierre Sahores psahores at free.fr
Tue Oct 19 15:07:38 EDT 2010


Ien,

In practice, there will no be any performances difference at all between IP-based or credential-based authentication (even if the credential are send in secure mode) and you can trust me on this. On the other hand, your authentication system will make all your n-tier app process lots more secure than it would be in using something else instead. Try to always get in mind that any Cloud available app will, at one point or an other be scanned by untrustable peoples and computers farms automatic processes searching to hack your app to take hand on it (and they are sometimes attacking their targets 4-6 months per year even if they stay unsuccessful after the first attempts... and the last ones, only if the app is really safely structured). Trust need there to go along experience. Any business-dedicated n-tier app need to be build in always getting this in mind. In other words, security is never optional but the first main part we need to have in mind when we are starting a project and, fortunally, there are lots of ways to strongly secure a LiveCode-based n-tier app. Between two level strong authentication based (1.- what i know + 2.- what i own) and secure protocols, all the best can and need to be done.

my two cents,

Pierre

Le 19 oct. 2010 à 13:56, Len Morgan a écrit :

> This is all a moot point now since I have just been informed by Heather that the only way the on-rev server can be set up to do this is if you give them all of the IP addresses that people are going to connect from and they will allow those IP addresses to connect.  This of course will never work with a large potential user base of hundreds or thousands.  I guess I'm going to have to throw away everything I've done so far and start over with the web based approach that Pierre suggested.  It's going to kill my performance but it's the only option I've got open to me at this point.
> 
> len morgan
> 
> On 10/19/2010 2:27 AM, Pierre Sahores wrote:
>> Le 18 oct. 2010 à 20:41, Andrew Kluthe a écrit :
>> 
>>> The client never actually gets the login credentials for the database
>>> because they are stored in our private "big" client DB. On startup the rev
>>> program fetches the credentials from our database and connects to theirs to
>>> begin working with it.
>> Definitively the way to go !
>>> I would hate to have to rewrite my entire suite of programs to center around
>>> an irev script for the transactions. I would love to use On-Rev as a
>>> database host because of how close it is to where I am located and the power
>>> of revServer.
>> If you prefer, you can do this in having your client (web browser or LiveCode ria app) posting their credentials to a PHP script indeed but in any case you will have to be sure that the server-side script will respond to the clients requests and interact with the db-backend only when each client will have been authenticated as allowed to interact with its own account on your on-line app.
>> 
>> If most of your customers are, alike mine, using dynamic IP to connect the cloud and subsequently your or mine on-line apps, an IP-based authentication system will not be usable nor safe at all in such a context.
>> 
>> HTH,
>> 
>> --
>> Pierre Sahores
>> mobile : (33) 6 03 95 77 70
>> 
>> www.woooooooords.com
>> www.sahores-conseil.com
>> 
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> use-revolution mailing list
>> use-revolution at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-revolution
>> 
>> 
> 
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
> 

--
Pierre Sahores
mobile : (33) 6 03 95 77 70

www.woooooooords.com
www.sahores-conseil.com









More information about the Use-livecode mailing list