on-rev remote database

Andre Garzia andre at andregarzia.com
Tue Oct 19 17:46:05 EDT 2010


I think safety is overrated in some places. It all depends on the
sensitivity of the information you are storing. If this is a simple
"Cooking Recipes Website" then using standard security policies will be
enough. If you're building your first web-enabled LiveCode-based nuclear
reactor then you might want something more robust.

If you decide to go with a remote connection, then edit the user that is
able to connect and strip him of all the privileges he does not need. Allow
him to query the necessary tables and only that. Keep him away from schemas
and other reflections.

A cool (and theoretical since I never implemented it) and somewhat automatic
way for authentication to work is to use a ticket like this:

1) There is an authentication irev file which will only serve through an SSL
connection. This file will receive a POST call from the desktop client and
check if it is allowed to connect to the database; if so, it will
answer back with a login/password combination to the client.

2) The client uses the login/password combination from step 1 to connect to
the database. If the connection breaks or expires, do step 1 again.

This login/pass combination can be generated at runtime, and using cron you
can expire those credentials as you see fit. Think of it like the way some banks
generate online VISA numbers good for one transaction only. You are
generating read-only access user credentials on demand; if any of your
credentials is compromised the hacker will not have access to anything,
since you took out all privileges for that user, and even so, after some
time, that user will expire and the login/pass combo will be useless.

:-P

(I never implemented this, I just thought out of the blue how to give remote
access with some modest security that would not need code changes to replace
login credentials if the given logins were compromised.)
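The throw-away credential scheme sketched above, as an added Python example that is not Andre's code or anything from the thread: it assumes MySQL-style CREATE USER / GRANT syntax, placeholder table and schema names, and that the SSL-only irev endpoint would run the returned statements when issuing a ticket while a cron job runs the sweep.

```python
import secrets
import string

# Constructed example: one disposable account per client session, limited to
# SELECT on a fixed list of tables, dropped by a cron sweep after its TTL.
READ_ONLY_TABLES = ("recipes", "ingredients")  # assumption: all the client needs
DB_NAME = "cookbook"                            # assumption: placeholder schema name
ALPHABET = string.ascii_letters + string.digits  # no quotes, safe inside the SQL literal

_issued = {}  # username -> expiry timestamp (a real deployment would use a table)


def sql_ident(name):
    """Backtick-quote a MySQL identifier."""
    return "`" + name.replace("`", "``") + "`"


def issue_credentials(now, ttl_seconds=900):
    """Mint a fresh read-only login valid until now + ttl_seconds.

    Returns (user, password, statements); the statements create the account
    and grant SELECT on the allowed tables only, nothing on the schema itself.
    """
    user = "ro_" + "".join(secrets.choice(ALPHABET) for _ in range(12))
    password = "".join(secrets.choice(ALPHABET) for _ in range(32))
    stmts = [f"CREATE USER {sql_ident(user)}@'%' IDENTIFIED BY '{password}';"]
    for table in READ_ONLY_TABLES:
        stmts.append(
            f"GRANT SELECT ON {sql_ident(DB_NAME)}.{sql_ident(table)} "
            f"TO {sql_ident(user)}@'%';"
        )
    _issued[user] = now + ttl_seconds
    return user, password, stmts


def expire_stale(now):
    """Cron sweep: DROP USER statements for every login past its expiry."""
    stmts = []
    for user, expires_at in list(_issued.items()):
        if expires_at <= now:
            stmts.append(f"DROP USER {sql_ident(user)}@'%';")
            del _issued[user]
    return stmts


def is_valid(user, now):
    """True while the ticket server still considers this login live."""
    return user in _issued and _issued[user] > now
```

Because the server only ever hands out accounts that can SELECT from the listed tables, a leaked login buys nothing beyond what the client could already read, and it stops working at the next sweep.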
