Hi Luca, any news about this topic? We'd like to use OrientDb as database+application server (all in one solution). Problem is that basic authentication without https isn't secure at all...
Il giorno giovedì 12 settembre 2013 21:56:50 UTC+2, Lvc@ ha scritto: > > Hi, > right now OrientDB hasn't an integrated SSL support. By a quick look at > SSL support in Java 1.6+ seems very simple to implement a new listener > based on secure socket: > > http://stilius.net/java/java_ssl.php > > Could you open a new issue for this? In the meanwhile does anyone know a > wrapper/proxy to use SSL connections? > > Lvc@ > > > > On 12 September 2013 21:42, odbuser <[email protected] <javascript:>>wrote: > >> @Emrul : I agree about the VPN except there's also a need to do orientdb >> ssl intercommunication even over a VPN. In any case, it has been mentioned >> that inter orientdb communication can use SSL (not sure if this is 1.6 and >> up or if it has been implemented...) but the client connections (remote >> client) can't use SSL yet. >> >> LVC, please expound on this. SSL is critical for my application. It >> it's not available, I'll have to use a combination of secure orientdb >> clusters (if available) and colocated an https server with each orientdb >> node that accesses orientdb using a non-ssl connection. I'd rather >> eliminate the extra https server but I'd need the remote client connections >> to be secure. >> >> >> On Thursday, September 12, 2013 4:38:46 AM UTC-4, Emrul Islam wrote: >>> >>> Nobody? Have you read the Snowden leaks in the news recently? ;) >>> >>> For my own servers I prefer to setup VPN between them rather than rely >>> on SSL protocols for a number of reasons: >>> - usually more efficient (built into OS kernel in most cases) & can >>> compress all traffic >>> - encrypts all traffic between machines, not just any one protocol. This >>> is useful if you use remote logging & monitoring tools >>> - if there's a hole in the SSL library its a headache to go update every >>> piece of software you have that uses SSL >>> - avoids the overhead of having to create a secure session for each >>> connection >>> >>> Not suggesting that VPN is invulnerable, but it is a more secure setup >>> in my opinion with lots of advantages. >>> >>> >>> >>> On Thursday, September 12, 2013 5:57:33 AM UTC+1, eduardoejp wrote: >>>> >>>> Are there plans to have the binary protocol go over SSL? >>>> I'd feel better knowing nobody can sniff my server<-->DB communications. >>>> >>> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "OrientDB" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> For more options, visit https://groups.google.com/groups/opt_out. >> > > -- --- You received this message because you are subscribed to the Google Groups "OrientDB" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
