Secure connection: to db, and server to client

Questions and Answers on installation, deployment, management, locking, tranasactions of Servoy Application Server

Secure connection: to db, and server to client

Postby chris » Tue Feb 03, 2004 6:40 pm

Apologize for the newbie questions - could anyone explain security in these 2 situations

1) Between Developer/Server and the database: If I am working on a solution for a client from my office and connecting to my client's database through a certain IP address and port number (I assume they have to use port forwarding to allow me to connect). Is this secure? What is the risk? What would make it most secure?

2) Between Client and Server: When clients connect from outside of their LAN, how secure is the connection? I don't really want to add a layer of complexity and use SSL - but do I need to?

Much appreciated.
chris
 
Posts: 82
Joined: Wed Dec 31, 2003 8:24 pm

Postby bcusick » Wed Feb 04, 2004 12:07 pm

Hi Chris,

If you have a look at the 2.0 RC build - you will see in the preferences a way for you to specify that the communications between Servoy Client and Server are encrypted (SSL) automatically. :D

Hope this helps,

Bob Cusick
bcusick
 
Posts: 1255
Joined: Wed Apr 23, 2003 11:27 pm
Location: Thousand Oaks, CA USA

Postby chris » Wed Feb 04, 2004 2:54 pm

Hi Bob,

Thanks - my question is more basic however - do I NEED SSL? and does it slow down performance at all? If not, then should I always use it be default? I'm not tracking sensitive financial data.

Also, do I need any kind of encryption between db and server if connecting to a database not on the same LAN as the servoy application server? Is it available?

Thanks
chris
 
Posts: 82
Joined: Wed Dec 31, 2003 8:24 pm

Postby Jan Blok » Wed Feb 11, 2004 4:04 pm

chris wrote:do I NEED SSL? and does it slow down performance at all? If not, then should I always use it be default? I'm not tracking sensitive financial data.

The performance loss is less than 1% (did you ever notice a speed diffence when accessing a https site instead of http?)

chris wrote:Also, do I need any kind of encryption between db and server if connecting to a database not on the same LAN as the servoy application server?

Well depents on your data, if it sensitive data you might cosider doing this, some dbs do support such an option...
Jan Blok
Servoy
Jan Blok
 
Posts: 2684
Joined: Mon Jun 23, 2003 11:15 am
Location: Amsterdam


Return to Servoy Server

Who is online

Users browsing this forum: No registered users and 10 guests