I agree with you except there are cases where it IS necessary and
doesn't require SSL. I have a customer that has an in house network and
WAN (it covers about 60 locations around the US but all connections are
by VPN back to the corporate office). I don't have the luxury of having
an irev server on their web server for my revlet to talk to (in their
case it's an MS SQL database accessed using ODBC). I need to have the
revlet communicate with the DB directly and as I mentioned in my last
email, I haven't figured out how to include the necessary .dll to do
that from a revlet.
len
Pierre Sahores wrote:
It's not realy safe to set up a postgreSQL nor MySQL on-rev backend as
a remote bindable rdbms as long as direct communication with those db
from the outside world without using an SSL, SHTTP or SSL tunnel will
be unsecure.
If we need to bind those backends without opening security holes in
our processes (login/password transfert over the web, even as MD5
hashes can be dangerous), the best to do is to have the revlet sending
its requests to an irev script witch will query the rdbms in localhost
mode and send back the result to the revlet.
As long as i did'nt set any revlet-irev communication process for yet,
i can't realy be realy helpfull about this part of the recommandation
but if anyone need some irev-MySQL way to go, i can send some samples.
_______________________________________________
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
