Apologize for the newbie questions - could anyone explain security in these 2 situations
Between Developer/Server and the database: If I am working on a solution for a client from my office and connecting to my client’s database through a certain IP address and port number (I assume they have to use port forwarding to allow me to connect). Is this secure? What is the risk? What would make it most secure?
Between Client and Server: When clients connect from outside of their LAN, how secure is the connection? I don’t really want to add a layer of complexity and use SSL - but do I need to?
If you have a look at the 2.0 RC build - you will see in the preferences a way for you to specify that the communications between Servoy Client and Server are encrypted (SSL) automatically.
Thanks - my question is more basic however - do I NEED SSL? and does it slow down performance at all? If not, then should I always use it be default? I’m not tracking sensitive financial data.
Also, do I need any kind of encryption between db and server if connecting to a database not on the same LAN as the servoy application server? Is it available?
chris:
do I NEED SSL? and does it slow down performance at all? If not, then should I always use it be default? I’m not tracking sensitive financial data.
The performance loss is less than 1% (did you ever notice a speed diffence when accessing a https site instead of http?)
chris:
Also, do I need any kind of encryption between db and server if connecting to a database not on the same LAN as the servoy application server?
Well depents on your data, if it sensitive data you might cosider doing this, some dbs do support such an option…