Thanks Mark

As I thought. Might as well have a server app that does the talking to the 
database. 

Sean Cole
Pi Digital

> On 16 Oct 2020, at 11:33, Mark Waddingham via use-livecode 
> <use-livecode@lists.runrev.com> wrote:
> 
> ´╗┐On 2020-10-16 10:51, matthias rebbe via use-livecode wrote:
>> Hi Sean,
>> there was a discussion a few weeks ago with the topic "Strange
>> behavior between Mysql, MariaDB and SSL."
>> I am not sure if the information in that discussion will solve your problem.
> 
> I had a quick look through that thread and I don't think that is necessarily 
> relevant here (unless there was a part I missed) - that seemed to be mostly 
> about authentication method rather than SSL specifically - it sounds like in 
> this case a connection is being made it is just that it does not seem to be 
> secured using SSL encryption.
> 
> I checked the mysql client library code and it seems that if the MySQL server 
> says it does not support SSL then even if you ask for SSL connection (which 
> revDB does is the useSSL flag is true) that request will be ignored and you 
> will get a plaintext connection.
> 
> So this definitely *sounds* like a MySQL server setup problem rather than a 
> client one (there's some useful info for at least testing the type of 
> connection using the mysql command-line terminal utility here - 
> https://docs.cpanel.net/knowledge-base/security/how-to-configure-mysql-ssl-connections/)
> 
>> Another approach is the following. For security reasons we do not let
>> communicat our LC apps directly with MySQL Databases, if the Database
>> is hosted on a public server.
>> We using a Livecode Server Script on the Webserver for doing the
>> complete DB communication.
>> Our standalones (Mobile and Desktop) send the requests (password
>> encrypted string) either as POST or GET to the LC Server script. The
>> script encrypts the  request string and executes it. The return from
>> the DB is then returned to our standalone.
> 
> This is most definitely a better solution - and is the only real option if 
> client apps are talking to the server from arbitrary networks.
> 
> Whilst a secured (via SSL) connection to MySQL directly should mitigate 
> security concerns (as all data flowing between client and server is 
> encrypted), there is no guarantee that an arbitrary network will *allow* 
> connection to the MySQL database port which is required for that to function.
> 
> In contrast, you'd be hard pressed to find any network which allows access to 
> the internet which blocks port 80 (HTTP) or 443 (HTTPS).
> 
> Of course, the other advantage of using a 'gateway API' to access your server 
> data is that it allows client and server more flexibility in changing and 
> optimizing things - i.e. if you change something server-side then you can 
> probably make it so you don't necessarily need a client update to match (as 
> you can just adjust what the gateway does).
> 
> Warmest Regards,
> 
> Mark.
> 
> -- 
> Mark Waddingham ~ m...@livecode.com ~ http://www.livecode.com/
> LiveCode: Everyone can create apps
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Reply via email to