SSL cPanel mySql setup

Pi Digital sean at pidigital.co.uk
Fri Oct 16 06:44:36 EDT 2020 

Thanks Mark

As I thought. Might as well have a server app that does the talking to the database. 

Sean Cole
Pi Digital

> On 16 Oct 2020, at 11:33, Mark Waddingham via use-livecode <use-livecode at lists.runrev.com> wrote:
> 
> On 2020-10-16 10:51, matthias rebbe via use-livecode wrote:
>> Hi Sean,
>> there was a discussion a few weeks ago with the topic "Strange
>> behavior between Mysql, MariaDB and SSL."
>> I am not sure if the information in that discussion will solve your problem.
> 
> I had a quick look through that thread and I don't think that is necessarily relevant here (unless there was a part I missed) - that seemed to be mostly about authentication method rather than SSL specifically - it sounds like in this case a connection is being made it is just that it does not seem to be secured using SSL encryption.
> 
> I checked the mysql client library code and it seems that if the MySQL server says it does not support SSL then even if you ask for SSL connection (which revDB does is the useSSL flag is true) that request will be ignored and you will get a plaintext connection.
> 
> So this definitely *sounds* like a MySQL server setup problem rather than a client one (there's some useful info for at least testing the type of connection using the mysql command-line terminal utility here - https://docs.cpanel.net/knowledge-base/security/how-to-configure-mysql-ssl-connections/)
> 
>> Another approach is the following. For security reasons we do not let
>> communicat our LC apps directly with MySQL Databases, if the Database
>> is hosted on a public server.
>> We using a Livecode Server Script on the Webserver for doing the
>> complete DB communication.
>> Our standalones (Mobile and Desktop) send the requests (password
>> encrypted string) either as POST or GET to the LC Server script. The
>> script encrypts the  request string and executes it. The return from
>> the DB is then returned to our standalone.
> 
> This is most definitely a better solution - and is the only real option if client apps are talking to the server from arbitrary networks.
> 
> Whilst a secured (via SSL) connection to MySQL directly should mitigate security concerns (as all data flowing between client and server is encrypted), there is no guarantee that an arbitrary network will *allow* connection to the MySQL database port which is required for that to function.
> 
> In contrast, you'd be hard pressed to find any network which allows access to the internet which blocks port 80 (HTTP) or 443 (HTTPS).
> 
> Of course, the other advantage of using a 'gateway API' to access your server data is that it allows client and server more flexibility in changing and optimizing things - i.e. if you change something server-side then you can probably make it so you don't necessarily need a client update to match (as you can just adjust what the gateway does).
> 
> Warmest Regards,
> 
> Mark.
> 
> -- 
> Mark Waddingham ~ mark at livecode.com ~ http://www.livecode.com/
> LiveCode: Everyone can create apps
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

More information about the use-livecode mailing list