advice on a Rev-plus-internet setup (off-topic)

Len Morgan len-morgan at crcom.net
Sat Jan 5 07:39:26 EST 2008


I must be missing something here.  Why do you need access to the 
DATABASE from the web?  All you need to do is make "requests" to the WEB 
SERVER where a cgi program will do the talking to the database.  The 
database itself is never exposed to the outside world.  You need NO 
database drivers in the program that is installed on the user machines.  
As far as they are concerned, they are accessing a text file.  How that 
text get retrieved doesn't matter to the program.

What am I missing here?

Len Morgan


viktoras didziulis wrote:
> Hi Nicolas,
>
> Leaving an open port for remote access to any database would it be 
> MySQL or Postgress is considered a serious web server security breach 
> and most providers are aware about this. Besides your data would never 
> be secure on such an open system - anyone that is able to sniff your 
> password can drop all your tables, and do even more harm... You should 
> use a server side "relay" script which would ensure secure 
> communication between the database and you application by filtering 
> all the input and stopping any potentially dangerous strings. This 
> also allows database-enabled application to be distributed without 
> MySQL drivers, so you won't owe anything to MySQL AB.
>
> A while ago a simple relay script written in Perl was posted to this 
> list - see archives (October 3, 2007) look for the thread 'serverside 
> "relay" script'. It can also be implemented in PHP or any other 
> server-side scripting language.
>
> Best wishes
> Viktoras
>
>
>
> Nicolas Cueto wrote:
>>>  However, how are the
>>> text files maintained now?  Since you can use get URL <textfile> the
>>> same as reading a file on the (file) server, it seems to me that it
>>> could be as simple as adding the characters "URL" to your get/put
>>> instructions.
>>>     
>>
>> Thanks for the reply.
>>
>> I had thought about using get/put URL if I continued to rely on txt
>> files.
>> I'll give it a try.
>>
>> But the reason I was thinking databases instead was the possibility
>> of several users getting/putting information simultaneously thru the
>> server.
>>
>> So, with this in mind, back onto the topic of databases...
>>
>> After looking around the RunRev archives, one unexpected thing
>> came up. It seems that because licensing is an issue, some members
>> have suggested PostgreSQL over MySQL, given the former's clearly
>> stated (and free!) licensing policy.
>>
>> Another thing I learnt from the archives (and from experience with
>> my current web host) is that connecting remotely to a database
>> is not popular among web hosts. They seem to prefer online management.
>>
>> One web host that does allow remote access, and which is repeatedly
>> recommended by Rev users is Dreamhost. But, their set up is only
>> MySQL.
>>
>> So, my next question is, would anyone care to recommend a webhost
>> that allows remote connections (via Rev, of course!) to a PostgreSQL
>> database?
>>
>> Cheers,
>>
>> Nicolas Cueto
>>
>>
>> _______________________________________________
>> use-revolution mailing list
>> use-revolution at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your 
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>
>>
>>   
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your 
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
>
>




More information about the use-livecode mailing list