Thanks Mark As I thought. Might as well have a server app that does the talking to the database.
Sean Cole Pi Digital > On 16 Oct 2020, at 11:33, Mark Waddingham via use-livecode > <use-livecode@lists.runrev.com> wrote: > > On 2020-10-16 10:51, matthias rebbe via use-livecode wrote: >> Hi Sean, >> there was a discussion a few weeks ago with the topic "Strange >> behavior between Mysql, MariaDB and SSL." >> I am not sure if the information in that discussion will solve your problem. > > I had a quick look through that thread and I don't think that is necessarily > relevant here (unless there was a part I missed) - that seemed to be mostly > about authentication method rather than SSL specifically - it sounds like in > this case a connection is being made it is just that it does not seem to be > secured using SSL encryption. > > I checked the mysql client library code and it seems that if the MySQL server > says it does not support SSL then even if you ask for SSL connection (which > revDB does is the useSSL flag is true) that request will be ignored and you > will get a plaintext connection. > > So this definitely *sounds* like a MySQL server setup problem rather than a > client one (there's some useful info for at least testing the type of > connection using the mysql command-line terminal utility here - > https://docs.cpanel.net/knowledge-base/security/how-to-configure-mysql-ssl-connections/) > >> Another approach is the following. For security reasons we do not let >> communicat our LC apps directly with MySQL Databases, if the Database >> is hosted on a public server. >> We using a Livecode Server Script on the Webserver for doing the >> complete DB communication. >> Our standalones (Mobile and Desktop) send the requests (password >> encrypted string) either as POST or GET to the LC Server script. The >> script encrypts the request string and executes it. The return from >> the DB is then returned to our standalone. > > This is most definitely a better solution - and is the only real option if > client apps are talking to the server from arbitrary networks. > > Whilst a secured (via SSL) connection to MySQL directly should mitigate > security concerns (as all data flowing between client and server is > encrypted), there is no guarantee that an arbitrary network will *allow* > connection to the MySQL database port which is required for that to function. > > In contrast, you'd be hard pressed to find any network which allows access to > the internet which blocks port 80 (HTTP) or 443 (HTTPS). > > Of course, the other advantage of using a 'gateway API' to access your server > data is that it allows client and server more flexibility in changing and > optimizing things - i.e. if you change something server-side then you can > probably make it so you don't necessarily need a client update to match (as > you can just adjust what the gateway does). > > Warmest Regards, > > Mark. > > -- > Mark Waddingham ~ m...@livecode.com ~ http://www.livecode.com/ > LiveCode: Everyone can create apps > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
