On 2020-10-16 10:51, matthias rebbe via use-livecode wrote:
Hi Sean,
there was a discussion a few weeks ago with the topic "Strange
behavior between Mysql, MariaDB and SSL."
I am not sure if the information in that discussion will solve your
problem.
I had a quick look through that thread and I don't think that is
necessarily relevant here (unless there was a part I missed) - that
seemed to be mostly about authentication method rather than SSL
specifically - it sounds like in this case a connection is being made it
is just that it does not seem to be secured using SSL encryption.
I checked the mysql client library code and it seems that if the MySQL
server says it does not support SSL then even if you ask for SSL
connection (which revDB does is the useSSL flag is true) that request
will be ignored and you will get a plaintext connection.
So this definitely *sounds* like a MySQL server setup problem rather
than a client one (there's some useful info for at least testing the
type of connection using the mysql command-line terminal utility here -
https://docs.cpanel.net/knowledge-base/security/how-to-configure-mysql-ssl-connections/)
Another approach is the following. For security reasons we do not let
communicat our LC apps directly with MySQL Databases, if the Database
is hosted on a public server.
We using a Livecode Server Script on the Webserver for doing the
complete DB communication.
Our standalones (Mobile and Desktop) send the requests (password
encrypted string) either as POST or GET to the LC Server script. The
script encrypts the request string and executes it. The return from
the DB is then returned to our standalone.
This is most definitely a better solution - and is the only real option
if client apps are talking to the server from arbitrary networks.
Whilst a secured (via SSL) connection to MySQL directly should mitigate
security concerns (as all data flowing between client and server is
encrypted), there is no guarantee that an arbitrary network will *allow*
connection to the MySQL database port which is required for that to
function.
In contrast, you'd be hard pressed to find any network which allows
access to the internet which blocks port 80 (HTTP) or 443 (HTTPS).
Of course, the other advantage of using a 'gateway API' to access your
server data is that it allows client and server more flexibility in
changing and optimizing things - i.e. if you change something
server-side then you can probably make it so you don't necessarily need
a client update to match (as you can just adjust what the gateway does).
Warmest Regards,
Mark.
--
Mark Waddingham ~ m...@livecode.com ~ http://www.livecode.com/
LiveCode: Everyone can create apps
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
