Hi, we've a prototype but not ready for the production. In the meanwhile why don't you setup an Apache HTTPD in front to OrientDB?
Lvc@ On 14 February 2014 17:49, ena <[email protected]> wrote: > Hi Luca, any news about this topic? We'd like to use OrientDb as > database+application server (all in one solution). Problem is that basic > authentication without https isn't secure at all... > > Il giorno giovedì 12 settembre 2013 21:56:50 UTC+2, Lvc@ ha scritto: >> >> Hi, >> right now OrientDB hasn't an integrated SSL support. By a quick look at >> SSL support in Java 1.6+ seems very simple to implement a new listener >> based on secure socket: >> >> http://stilius.net/java/java_ssl.php >> >> Could you open a new issue for this? In the meanwhile does anyone know a >> wrapper/proxy to use SSL connections? >> >> Lvc@ >> >> >> >> On 12 September 2013 21:42, odbuser <[email protected]> wrote: >> >>> @Emrul : I agree about the VPN except there's also a need to do >>> orientdb ssl intercommunication even over a VPN. In any case, it has been >>> mentioned that inter orientdb communication can use SSL (not sure if this >>> is 1.6 and up or if it has been implemented...) but the client connections >>> (remote client) can't use SSL yet. >>> >>> LVC, please expound on this. SSL is critical for my application. It >>> it's not available, I'll have to use a combination of secure orientdb >>> clusters (if available) and colocated an https server with each orientdb >>> node that accesses orientdb using a non-ssl connection. I'd rather >>> eliminate the extra https server but I'd need the remote client connections >>> to be secure. >>> >>> >>> On Thursday, September 12, 2013 4:38:46 AM UTC-4, Emrul Islam wrote: >>>> >>>> Nobody? Have you read the Snowden leaks in the news recently? ;) >>>> >>>> For my own servers I prefer to setup VPN between them rather than rely >>>> on SSL protocols for a number of reasons: >>>> - usually more efficient (built into OS kernel in most cases) & can >>>> compress all traffic >>>> - encrypts all traffic between machines, not just any one protocol. >>>> This is useful if you use remote logging & monitoring tools >>>> - if there's a hole in the SSL library its a headache to go update >>>> every piece of software you have that uses SSL >>>> - avoids the overhead of having to create a secure session for each >>>> connection >>>> >>>> Not suggesting that VPN is invulnerable, but it is a more secure setup >>>> in my opinion with lots of advantages. >>>> >>>> >>>> >>>> On Thursday, September 12, 2013 5:57:33 AM UTC+1, eduardoejp wrote: >>>>> >>>>> Are there plans to have the binary protocol go over SSL? >>>>> I'd feel better knowing nobody can sniff my server<-->DB >>>>> communications. >>>>> >>>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "OrientDB" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >> >> -- > > --- > You received this message because you are subscribed to the Google Groups > "OrientDB" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- --- You received this message because you are subscribed to the Google Groups "OrientDB" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
