SSL cPanel mySql setup

Mark Waddingham mark at livecode.com
Fri Oct 16 06:33:22 EDT 2020


On 2020-10-16 10:51, matthias rebbe via use-livecode wrote:
> Hi Sean,
> 
> there was a discussion a few weeks ago with the topic "Strange
> behavior between Mysql, MariaDB and SSL."
> I am not sure if the information in that discussion will solve your 
> problem.

I had a quick look through that thread and I don't think that is 
necessarily relevant here (unless there was a part I missed) - that 
seemed to be mostly about authentication method rather than SSL 
specifically - it sounds like in this case a connection is being made; 
it is just that it does not seem to be secured using SSL encryption.

I checked the mysql client library code and it seems that if the MySQL 
server says it does not support SSL then even if you ask for an SSL 
connection (which revDB does if the useSSL flag is true) that request 
will be ignored and you will get a plaintext connection.

So this definitely *sounds* like a MySQL server setup problem rather 
than a client one (there's some useful info for at least testing the 
type of connection using the mysql command-line terminal utility here - 
https://docs.cpanel.net/knowledge-base/security/how-to-configure-mysql-ssl-connections/)

> Another approach is the following. For security reasons we do not let
> our LC apps communicate directly with MySQL databases, if the database
> is hosted on a public server.
> 
> We are using a Livecode Server Script on the Webserver for doing the
> complete DB communication.
> Our standalones (Mobile and Desktop) send the requests (password
> encrypted string) either as POST or GET to the LC Server script. The
> script encrypts the request string and executes it. The return from
> the DB is then returned to our standalone.

This is most definitely a better solution - and is the only real option 
if client apps are talking to the server from arbitrary networks.

Whilst a secured (via SSL) connection to MySQL directly should mitigate 
security concerns (as all data flowing between client and server is 
encrypted), there is no guarantee that an arbitrary network will *allow* 
connection to the MySQL database port which is required for that to 
function.

In contrast, you'd be hard pressed to find any network which allows 
access to the internet which blocks port 80 (HTTP) or 443 (HTTPS).

Of course, the other advantage of using a 'gateway API' to access your 
server data is that it allows client and server more flexibility in 
changing and optimizing things - i.e. if you change something 
server-side then you can probably make it so you don't necessarily need 
a client update to match (as you can just adjust what the gateway does).

Warmest Regards,

Mark.

-- 
Mark Waddingham ~ mark at livecode.com ~ http://www.livecode.com/
LiveCode: Everyone can create apps
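
Added example, not part of the original message or of LiveCode's own code: because the client library silently falls back to plaintext when the server does not offer SSL, a revDB caller can confirm encryption after connecting by reading the session's `Ssl_cipher` status variable and closing the connection if it is empty. The handler name and its parameters are hypothetical.

```livecode
-- Added example. Handler name and parameters are hypothetical;
-- pass your own host, database and credentials.
function openVerifiedSSLConnection pHost, pDatabase, pUser, pPassword
   local tConnId, tStatus

   -- The sixth parameter is the useSSL flag discussed above.
   -- A true value only *requests* SSL; it does not guarantee it.
   put revOpenDatabase("mysql", pHost, pDatabase, pUser, pPassword, true) into tConnId
   if tConnId is not an integer then
      return "error: could not connect:" && tConnId
   end if

   -- On an encrypted session MySQL reports the negotiated cipher here.
   -- On a plaintext session the value column is empty.
   put revDataFromQuery(tab, return, tConnId, \
         "SHOW SESSION STATUS LIKE 'Ssl_cipher'") into tStatus

   set the itemDelimiter to tab
   if tStatus begins with "revdberr" or item 2 of line 1 of tStatus is empty then
      -- Refuse to use a connection that was silently downgraded.
      revCloseDatabase tConnId
      return "error: connection is not encrypted"
   end if

   -- Encrypted: hand the connection id back to the caller.
   return tConnId
end openVerifiedSSLConnection
```

This check runs after authentication has already taken place, so it detects a downgrade rather than preventing one. Setting `REQUIRE SSL` on the MySQL account makes the server itself reject unencrypted logins.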
