SSL cPanel mySql setup

classic Classic list List threaded Threaded
33 messages Options
12
Reply | Threaded
Open this post in threaded view
|

SSL cPanel mySql setup

Ralph DiMola via use-livecode
Hi

I’ve found myself out of my depth and in need of advice.
We have a cPanel webspace with mySQL running on a phpMyAdmin layer within the cPanel setup. Communicating with it from LC has been a breeze. However, doing a traffic scan we noticed that our queries and responses from the database are completely visible. Obviously a high security risk.

Using an ssl certificate set, how do I implement this? How do I get cPanel to allow for it and get LC to make use of them when using revOpenDatabase? I have the useSSL flag set to Boolean ‘true’. I’ve tried using the set certificates pointing it at the three ssl files. But the data still is fully readable as plaintext in both direction when checked by our traffic scanner.

Thanks

Sean

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
Hi Sean,

there was a discussion a few weeks ago with the topic "Strange behavior between Mysql, MariaDB and SSL."
I am not sure if the information in that discussion will solve your problem.

Another approach is the following. For security reasons we do not let communicat our LC apps directly with MySQL Databases, if the Database is hosted on a public server.

We using a Livecode Server Script on the Webserver for doing the complete DB communication.
Our standalones (Mobile and Desktop) send the requests (password encrypted string) either as POST or GET to the LC Server script. The script encrypts the  request string and executes it. The return from the DB is then returned to our standalone.

Another way would be to use an LC server api HostM is providing for free.
https://www.hostm.com/tutorials/livecode/api-mariadb-mysql


Regards,
Matthias

-
Matthias Rebbe
Life Is Too Short For Boring Code

> Am 16.10.2020 um 10:34 schrieb Pi Digital via use-livecode <[hidden email]>:
>
> Hi
>
> I’ve found myself out of my depth and in need of advice.
> We have a cPanel webspace with mySQL running on a phpMyAdmin layer within the cPanel setup. Communicating with it from LC has been a breeze. However, doing a traffic scan we noticed that our queries and responses from the database are completely visible. Obviously a high security risk.
>
> Using an ssl certificate set, how do I implement this? How do I get cPanel to allow for it and get LC to make use of them when using revOpenDatabase? I have the useSSL flag set to Boolean ‘true’. I’ve tried using the set certificates pointing it at the three ssl files. But the data still is fully readable as plaintext in both direction when checked by our traffic scanner.
>
> Thanks
>
> Sean
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
Excellent. Thanks Matthias. Both your comments and the other discussion
were of help. Looks like I'll be making a server app then.


Sean Cole
*Pi Digital *

On Fri, 16 Oct 2020 at 10:51, matthias rebbe via use-livecode <
[hidden email]> wrote:

> Hi Sean,
>
> there was a discussion a few weeks ago with the topic "Strange behavior
> between Mysql, MariaDB and SSL."
> I am not sure if the information in that discussion will solve your
> problem.
>
> Another approach is the following. For security reasons we do not let
> communicat our LC apps directly with MySQL Databases, if the Database is
> hosted on a public server.
>
> We using a Livecode Server Script on the Webserver for doing the complete
> DB communication.
> Our standalones (Mobile and Desktop) send the requests (password encrypted
> string) either as POST or GET to the LC Server script. The script encrypts
> the  request string and executes it. The return from the DB is then
> returned to our standalone.
>
> Another way would be to use an LC server api HostM is providing for free.
> https://www.hostm.com/tutorials/livecode/api-mariadb-mysql
>
>
> Regards,
> Matthias
>
> -
> Matthias Rebbe
> Life Is Too Short For Boring Code
>
> > Am 16.10.2020 um 10:34 schrieb Pi Digital via use-livecode <
> [hidden email]>:
> >
> > Hi
> >
> > I’ve found myself out of my depth and in need of advice.
> > We have a cPanel webspace with mySQL running on a phpMyAdmin layer
> within the cPanel setup. Communicating with it from LC has been a breeze.
> However, doing a traffic scan we noticed that our queries and responses
> from the database are completely visible. Obviously a high security risk.
> >
> > Using an ssl certificate set, how do I implement this? How do I get
> cPanel to allow for it and get LC to make use of them when using
> revOpenDatabase? I have the useSSL flag set to Boolean ‘true’. I’ve tried
> using the set certificates pointing it at the three ssl files. But the data
> still is fully readable as plaintext in both direction when checked by our
> traffic scanner.
> >
> > Thanks
> >
> > Sean
> >
> > _______________________________________________
> > use-livecode mailing list
> > [hidden email]
> > Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
In reply to this post by Ralph DiMola via use-livecode
On 2020-10-16 10:51, matthias rebbe via use-livecode wrote:
> Hi Sean,
>
> there was a discussion a few weeks ago with the topic "Strange
> behavior between Mysql, MariaDB and SSL."
> I am not sure if the information in that discussion will solve your
> problem.

I had a quick look through that thread and I don't think that is
necessarily relevant here (unless there was a part I missed) - that
seemed to be mostly about authentication method rather than SSL
specifically - it sounds like in this case a connection is being made it
is just that it does not seem to be secured using SSL encryption.

I checked the mysql client library code and it seems that if the MySQL
server says it does not support SSL then even if you ask for SSL
connection (which revDB does is the useSSL flag is true) that request
will be ignored and you will get a plaintext connection.

So this definitely *sounds* like a MySQL server setup problem rather
than a client one (there's some useful info for at least testing the
type of connection using the mysql command-line terminal utility here -
https://docs.cpanel.net/knowledge-base/security/how-to-configure-mysql-ssl-connections/)

> Another approach is the following. For security reasons we do not let
> communicat our LC apps directly with MySQL Databases, if the Database
> is hosted on a public server.
>
> We using a Livecode Server Script on the Webserver for doing the
> complete DB communication.
> Our standalones (Mobile and Desktop) send the requests (password
> encrypted string) either as POST or GET to the LC Server script. The
> script encrypts the  request string and executes it. The return from
> the DB is then returned to our standalone.

This is most definitely a better solution - and is the only real option
if client apps are talking to the server from arbitrary networks.

Whilst a secured (via SSL) connection to MySQL directly should mitigate
security concerns (as all data flowing between client and server is
encrypted), there is no guarantee that an arbitrary network will *allow*
connection to the MySQL database port which is required for that to
function.

In contrast, you'd be hard pressed to find any network which allows
access to the internet which blocks port 80 (HTTP) or 443 (HTTPS).

Of course, the other advantage of using a 'gateway API' to access your
server data is that it allows client and server more flexibility in
changing and optimizing things - i.e. if you change something
server-side then you can probably make it so you don't necessarily need
a client update to match (as you can just adjust what the gateway does).

Warmest Regards,

Mark.

--
Mark Waddingham ~ [hidden email] ~ http://www.livecode.com/
LiveCode: Everyone can create apps

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
Thanks Mark

As I thought. Might as well have a server app that does the talking to the database.

Sean Cole
Pi Digital

> On 16 Oct 2020, at 11:33, Mark Waddingham via use-livecode <[hidden email]> wrote:
>
> On 2020-10-16 10:51, matthias rebbe via use-livecode wrote:
>> Hi Sean,
>> there was a discussion a few weeks ago with the topic "Strange
>> behavior between Mysql, MariaDB and SSL."
>> I am not sure if the information in that discussion will solve your problem.
>
> I had a quick look through that thread and I don't think that is necessarily relevant here (unless there was a part I missed) - that seemed to be mostly about authentication method rather than SSL specifically - it sounds like in this case a connection is being made it is just that it does not seem to be secured using SSL encryption.
>
> I checked the mysql client library code and it seems that if the MySQL server says it does not support SSL then even if you ask for SSL connection (which revDB does is the useSSL flag is true) that request will be ignored and you will get a plaintext connection.
>
> So this definitely *sounds* like a MySQL server setup problem rather than a client one (there's some useful info for at least testing the type of connection using the mysql command-line terminal utility here - https://docs.cpanel.net/knowledge-base/security/how-to-configure-mysql-ssl-connections/)
>
>> Another approach is the following. For security reasons we do not let
>> communicat our LC apps directly with MySQL Databases, if the Database
>> is hosted on a public server.
>> We using a Livecode Server Script on the Webserver for doing the
>> complete DB communication.
>> Our standalones (Mobile and Desktop) send the requests (password
>> encrypted string) either as POST or GET to the LC Server script. The
>> script encrypts the  request string and executes it. The return from
>> the DB is then returned to our standalone.
>
> This is most definitely a better solution - and is the only real option if client apps are talking to the server from arbitrary networks.
>
> Whilst a secured (via SSL) connection to MySQL directly should mitigate security concerns (as all data flowing between client and server is encrypted), there is no guarantee that an arbitrary network will *allow* connection to the MySQL database port which is required for that to function.
>
> In contrast, you'd be hard pressed to find any network which allows access to the internet which blocks port 80 (HTTP) or 443 (HTTPS).
>
> Of course, the other advantage of using a 'gateway API' to access your server data is that it allows client and server more flexibility in changing and optimizing things - i.e. if you change something server-side then you can probably make it so you don't necessarily need a client update to match (as you can just adjust what the gateway does).
>
> Warmest Regards,
>
> Mark.
>
> --
> Mark Waddingham ~ [hidden email] ~ http://www.livecode.com/
> LiveCode: Everyone can create apps
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
In reply to this post by Ralph DiMola via use-livecode
Sean:
You might find this download interesting, perhaps useful:
http://earthlearningsolutions.org/wp-content/uploads/2018/07/RemoteDbEncryption.livecode.zip <http://earthlearningsolutions.org/wp-content/uploads/2018/07/RemoteDbEncryption.livecode.zip>

It is a demo of AES encryption that I use. The livecode app encrypts it, sends to a php file, which decrypts it and posts to a mysql database. You could even store the data encrypted if you want, but I like to access the db with phpMyAdmin.

Best,
Bill

William A. Prothero
https://earthlearningsolutions.org

> On Oct 16, 2020, at 2:51 AM, matthias rebbe via use-livecode <[hidden email]> wrote:
>
> Hi Sean,
>
> there was a discussion a few weeks ago with the topic "Strange behavior between Mysql, MariaDB and SSL."
> I am not sure if the information in that discussion will solve your problem.
>
> Another approach is the following. For security reasons we do not let communicat our LC apps directly with MySQL Databases, if the Database is hosted on a public server.
>
> We using a Livecode Server Script on the Webserver for doing the complete DB communication.
> Our standalones (Mobile and Desktop) send the requests (password encrypted string) either as POST or GET to the LC Server script. The script encrypts the  request string and executes it. The return from the DB is then returned to our standalone.
>
> Another way would be to use an LC server api HostM is providing for free.
> https://www.hostm.com/tutorials/livecode/api-mariadb-mysql
>
>
> Regards,
> Matthias
>
> -
> Matthias Rebbe
> Life Is Too Short For Boring Code
>
>> Am 16.10.2020 um 10:34 schrieb Pi Digital via use-livecode <[hidden email]>:
>>
>> Hi
>>
>> I’ve found myself out of my depth and in need of advice.
>> We have a cPanel webspace with mySQL running on a phpMyAdmin layer within the cPanel setup. Communicating with it from LC has been a breeze. However, doing a traffic scan we noticed that our queries and responses from the database are completely visible. Obviously a high security risk.
>>
>> Using an ssl certificate set, how do I implement this? How do I get cPanel to allow for it and get LC to make use of them when using revOpenDatabase? I have the useSSL flag set to Boolean ‘true’. I’ve tried using the set certificates pointing it at the three ssl files. But the data still is fully readable as plaintext in both direction when checked by our traffic scanner.
>>
>> Thanks
>>
>> Sean
>>
>> _______________________________________________
>> use-livecode mailing list
>> [hidden email]
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
Bill

Thanks for this. We were just discussing the same solution. I already have some php scripts I’m using for the HTML5 deployment of a LC stack as a portal to the same database.

The whole thing needs an overhaul. I’ve inherited this world of pain that has been 10-15years of amateur coding. A testament to LCs ease of learning for my client who had no coding background before. But, boy, is it a mess. The call to the server along with all the credentials had been copy pasted over 900 times inside 700 objects. That’s just counting each time it opens a connection to the database. Bonkers!

I think we’ve got a plan of attack now and some light at the end of this very long tunnel. Let’s see how much speed I can get out of this chuff chuff in the tunnel.

Sean Cole
Pi Digital


> On 16 Oct 2020, at 17:31, William Prothero via use-livecode <[hidden email]> wrote:
>
> Sean:
> You might find this download interesting, perhaps useful:
> http://earthlearningsolutions.org/wp-content/uploads/2018/07/RemoteDbEncryption.livecode.zip <http://earthlearningsolutions.org/wp-content/uploads/2018/07/RemoteDbEncryption.livecode.zip>
>
> It is a demo of AES encryption that I use. The livecode app encrypts it, sends to a php file, which decrypts it and posts to a mysql database. You could even store the data encrypted if you want, but I like to access the db with phpMyAdmin.
>
> Best,
> Bill
>
> William A. Prothero
> https://earthlearningsolutions.org
>
>> On Oct 16, 2020, at 2:51 AM, matthias rebbe via use-livecode <[hidden email]> wrote:
>>
>> Hi Sean,
>>
>> there was a discussion a few weeks ago with the topic "Strange behavior between Mysql, MariaDB and SSL."
>> I am not sure if the information in that discussion will solve your problem.
>>
>> Another approach is the following. For security reasons we do not let communicat our LC apps directly with MySQL Databases, if the Database is hosted on a public server.
>>
>> We using a Livecode Server Script on the Webserver for doing the complete DB communication.
>> Our standalones (Mobile and Desktop) send the requests (password encrypted string) either as POST or GET to the LC Server script. The script encrypts the  request string and executes it. The return from the DB is then returned to our standalone.
>>
>> Another way would be to use an LC server api HostM is providing for free.
>> https://www.hostm.com/tutorials/livecode/api-mariadb-mysql
>>
>>
>> Regards,
>> Matthias
>>
>> -
>> Matthias Rebbe
>> Life Is Too Short For Boring Code
>>
>>>> Am 16.10.2020 um 10:34 schrieb Pi Digital via use-livecode <[hidden email]>:
>>>
>>> Hi
>>>
>>> I’ve found myself out of my depth and in need of advice.
>>> We have a cPanel webspace with mySQL running on a phpMyAdmin layer within the cPanel setup. Communicating with it from LC has been a breeze. However, doing a traffic scan we noticed that our queries and responses from the database are completely visible. Obviously a high security risk.
>>>
>>> Using an ssl certificate set, how do I implement this? How do I get cPanel to allow for it and get LC to make use of them when using revOpenDatabase? I have the useSSL flag set to Boolean ‘true’. I’ve tried using the set certificates pointing it at the three ssl files. But the data still is fully readable as plaintext in both direction when checked by our traffic scanner.
>>>
>>> Thanks
>>>
>>> Sean
>>>
>>> _______________________________________________
>>> use-livecode mailing list
>>> [hidden email]
>>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>
>> _______________________________________________
>> use-livecode mailing list
>> [hidden email]
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
When I get a stack like that it's usually easier to figure out what it does
and just rewrite it from scratch.

--
Jacqueline Landman Gay | [hidden email]
HyperActive Software | http://www.hyperactivesw.com
On October 16, 2020 12:16:52 PM Pi Digital via use-livecode
<[hidden email]> wrote:

> Bill
>
> Thanks for this. We were just discussing the same solution. I already have
> some php scripts I’m using for the HTML5 deployment of a LC stack as a
> portal to the same database.
>
> The whole thing needs an overhaul. I’ve inherited this world of pain that
> has been 10-15years of amateur coding. A testament to LCs ease of learning
> for my client who had no coding background before. But, boy, is it a mess.
> The call to the server along with all the credentials had been copy pasted
> over 900 times inside 700 objects. That’s just counting each time it opens
> a connection to the database. Bonkers!
>
> I think we’ve got a plan of attack now and some light at the end of this
> very long tunnel. Let’s see how much speed I can get out of this chuff
> chuff in the tunnel.
>
> Sean Cole
> Pi Digital
>
>
>> On 16 Oct 2020, at 17:31, William Prothero via use-livecode
>> <[hidden email]> wrote:
>>
>> Sean:
>> You might find this download interesting, perhaps useful:
>> http://earthlearningsolutions.org/wp-content/uploads/2018/07/RemoteDbEncryption.livecode.zip 
>> <http://earthlearningsolutions.org/wp-content/uploads/2018/07/RemoteDbEncryption.livecode.zip>
>>
>> It is a demo of AES encryption that I use. The livecode app encrypts it,
>> sends to a php file, which decrypts it and posts to a mysql database. You
>> could even store the data encrypted if you want, but I like to access the
>> db with phpMyAdmin.
>>
>> Best,
>> Bill
>>
>> William A. Prothero
>> https://earthlearningsolutions.org
>>
>>> On Oct 16, 2020, at 2:51 AM, matthias rebbe via use-livecode
>>> <[hidden email]> wrote:
>>>
>>> Hi Sean,
>>>
>>> there was a discussion a few weeks ago with the topic "Strange behavior
>>> between Mysql, MariaDB and SSL."
>>> I am not sure if the information in that discussion will solve your problem.
>>>
>>> Another approach is the following. For security reasons we do not let
>>> communicat our LC apps directly with MySQL Databases, if the Database is
>>> hosted on a public server.
>>>
>>> We using a Livecode Server Script on the Webserver for doing the complete
>>> DB communication.
>>> Our standalones (Mobile and Desktop) send the requests (password encrypted
>>> string) either as POST or GET to the LC Server script. The script encrypts
>>> the  request string and executes it. The return from the DB is then
>>> returned to our standalone.
>>>
>>> Another way would be to use an LC server api HostM is providing for free.
>>> https://www.hostm.com/tutorials/livecode/api-mariadb-mysql
>>>
>>>
>>> Regards,
>>> Matthias
>>>
>>> -
>>> Matthias Rebbe
>>> Life Is Too Short For Boring Code
>>>
>>>>> Am 16.10.2020 um 10:34 schrieb Pi Digital via use-livecode
>>>>> <[hidden email]>:
>>>>
>>>> Hi
>>>>
>>>> I’ve found myself out of my depth and in need of advice.
>>>> We have a cPanel webspace with mySQL running on a phpMyAdmin layer within
>>>> the cPanel setup. Communicating with it from LC has been a breeze. However,
>>>> doing a traffic scan we noticed that our queries and responses from the
>>>> database are completely visible. Obviously a high security risk.
>>>>
>>>> Using an ssl certificate set, how do I implement this? How do I get cPanel
>>>> to allow for it and get LC to make use of them when using revOpenDatabase?
>>>> I have the useSSL flag set to Boolean ‘true’. I’ve tried using the set
>>>> certificates pointing it at the three ssl files. But the data still is
>>>> fully readable as plaintext in both direction when checked by our traffic
>>>> scanner.
>>>>
>>>> Thanks
>>>>
>>>> Sean
>>>>
>>>> _______________________________________________
>>>> use-livecode mailing list
>>>> [hidden email]
>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>> subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>
>>> _______________________________________________
>>> use-livecode mailing list
>>> [hidden email]
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>
>> _______________________________________________
>> use-livecode mailing list
>> [hidden email]
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode




_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
In reply to this post by Ralph DiMola via use-livecode
On 10/16/20 10:14 AM, Pi Digital via use-livecode wrote:

The call to the server along with all the credentials had been copy
pasted over 900 times inside 700 objects.

OMG!!!

--
  Mark Wieder
  [hidden email]

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
In reply to this post by Ralph DiMola via use-livecode
Thanks to this thread for the realisation my remote db connections are not secure. I just checked with Dreamhost and they gave their reasons for not use SSL with their mySQL setup — unacceptable burden on their server and undesirable for web app access; so in their opinion very few shared host environments would enable SSL for mySQL.

So I need some middleware. LC Server would have been ideal, but Dreamhost no longer install it ;-(. I particularly could have used LC Server to drive mailman distribution list subscription/unsubscription tasks from the database for which I do not have a good solution at the moment.

Neville



_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
Neville,
Can't you install LC Server on your own on your Dreamhost account. I remember there were others on the list or in the forum who were successful with installing LC Server on their Dreamhost account.


-
Matthias Rebbe
Life Is Too Short For Boring Code

> Am 18.10.2020 um 01:32 schrieb Neville Smythe via use-livecode <[hidden email]>:
>
> Thanks to this thread for the realisation my remote db connections are not secure. I just checked with Dreamhost and they gave their reasons for not use SSL with their mySQL setup — unacceptable burden on their server and undesirable for web app access; so in their opinion very few shared host environments would enable SSL for mySQL.
>
> So I need some middleware. LC Server would have been ideal, but Dreamhost no longer install it ;-(. I particularly could have used LC Server to drive mailman distribution list subscription/unsubscription tasks from the database for which I do not have a good solution at the moment.
>
> Neville
>
>
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
Dreamhost never did install LC ... but several of us have made it work.
Just get the right server executable and permissions.
I could never get it work account wide but it rocked for individual web
site installation.
--
Stephen Barncard - Sebastopol Ca. USA -
mixstream.org


On Sat, Oct 17, 2020 at 4:37 PM matthias rebbe via use-livecode <
[hidden email]> wrote:

> Neville,
> Can't you install LC Server on your own on your Dreamhost account. I
> remember there were others on the list or in the forum who were successful
> with installing LC Server on their Dreamhost account.
>
>
> -
> Matthias Rebbe
> Life Is Too Short For Boring Code
>
> > Am 18.10.2020 um 01:32 schrieb Neville Smythe via use-livecode <
> [hidden email]>:
> >
> > Thanks to this thread for the realisation my remote db connections are
> not secure. I just checked with Dreamhost and they gave their reasons for
> not use SSL with their mySQL setup — unacceptable burden on their server
> and undesirable for web app access; so in their opinion very few shared
> host environments would enable SSL for mySQL.
> >
> > So I need some middleware. LC Server would have been ideal, but
> Dreamhost no longer install it ;-(. I particularly could have used LC
> Server to drive mailman distribution list subscription/unsubscription tasks
> from the database for which I do not have a good solution at the moment.
> >
> > Neville
> >
> >
> >
> > _______________________________________________
> > use-livecode mailing list
> > [hidden email]
> > Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
>
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
In reply to this post by Ralph DiMola via use-livecode
Jacqueline wrote:
>
> just rewrite it from scratch


Hehe :)

Just to give you an idea of the behemoth of a monstrous beast I have taken
on, here are some stats I just ran a script to collate:

1 Main Stack
95 Substacks (Excl Data grids)
786 Cards
76779 Controls (Excl Data grids)
376377 Lines of code (Excl Data grids)

The database is 63GB with 53 Tables and 1.5million rows of data.

As mentioned, there is a tremendous amount of fat to be burnt off. It's
10-15 years of multiple LCers (including Klaus and Hermann as I understand
it) plus its originator, my boss, Daniel Shapero, who had no previous
coding experience and still only really knows the basics to intermediate
level. It's truly impressive even though he admits himself it's a complete
mess. It's still coded in v5.0.2 because certain bits will fall over when
run in v9.x.y.z. We want to eventually have the whole thing transitioned
over to HTML5 deployment (which would totally be possible if LC HQ pulled
their fingers out and fixed the damned thing - seriously, don't get me
wound up on that again!) as most of the clients (Business Mobile Device
Sales Agencies) and prospective clients don't like installing software on
their PC's. But Daniel, who wants to still have a finger in the coding,
does not want to learn a new language as LC is so simple in comparison to
ANY web-based language.

I only started with them because they needed a way of signing documents
with Adobe Sign (previously EchoSign). Since then I've added DocuSign, MS
DynamicsCRM integration, about to add in Sage CRM support, as well as the
HTML5 portal.

One step at a time...

Sean Cole
*Pi Digital*


On Fri, 16 Oct 2020 at 19:09, J. Landman Gay via use-livecode <
[hidden email]> wrote:

> When I get a stack like that it's usually easier to figure out what it
> does
> and just rewrite it from scratch.
>
> --
> Jacqueline Landman Gay | [hidden email]
> HyperActive Software | http://www.hyperactivesw.com
> On October 16, 2020 12:16:52 PM Pi Digital via use-livecode
> <[hidden email]> wrote:
>
> > Bill
> >
> > Thanks for this. We were just discussing the same solution. I already
> have
> > some php scripts I’m using for the HTML5 deployment of a LC stack as a
> > portal to the same database.
> >
> > The whole thing needs an overhaul. I’ve inherited this world of pain
> that
> > has been 10-15years of amateur coding. A testament to LCs ease of
> learning
> > for my client who had no coding background before. But, boy, is it a
> mess.
> > The call to the server along with all the credentials had been copy
> pasted
> > over 900 times inside 700 objects. That’s just counting each time it
> opens
> > a connection to the database. Bonkers!
> >
> > I think we’ve got a plan of attack now and some light at the end of this
> > very long tunnel. Let’s see how much speed I can get out of this chuff
> > chuff in the tunnel.
> >
> > Sean Cole
> > Pi Digital
> >
> >
> >> On 16 Oct 2020, at 17:31, William Prothero via use-livecode
> >> <[hidden email]> wrote:
> >>
> >> Sean:
> >> You might find this download interesting, perhaps useful:
> >>
> http://earthlearningsolutions.org/wp-content/uploads/2018/07/RemoteDbEncryption.livecode.zip
> >> <
> http://earthlearningsolutions.org/wp-content/uploads/2018/07/RemoteDbEncryption.livecode.zip
> >
> >>
> >> It is a demo of AES encryption that I use. The livecode app encrypts
> it,
> >> sends to a php file, which decrypts it and posts to a mysql database.
> You
> >> could even store the data encrypted if you want, but I like to access
> the
> >> db with phpMyAdmin.
> >>
> >> Best,
> >> Bill
> >>
> >> William A. Prothero
> >> https://earthlearningsolutions.org
> >>
> >>> On Oct 16, 2020, at 2:51 AM, matthias rebbe via use-livecode
> >>> <[hidden email]> wrote:
> >>>
> >>> Hi Sean,
> >>>
> >>> there was a discussion a few weeks ago with the topic "Strange
> behavior
> >>> between Mysql, MariaDB and SSL."
> >>> I am not sure if the information in that discussion will solve your
> problem.
> >>>
> >>> Another approach is the following. For security reasons we do not let
> >>> communicat our LC apps directly with MySQL Databases, if the Database
> is
> >>> hosted on a public server.
> >>>
> >>> We using a Livecode Server Script on the Webserver for doing the
> complete
> >>> DB communication.
> >>> Our standalones (Mobile and Desktop) send the requests (password
> encrypted
> >>> string) either as POST or GET to the LC Server script. The script
> encrypts
> >>> the  request string and executes it. The return from the DB is then
> >>> returned to our standalone.
> >>>
> >>> Another way would be to use an LC server api HostM is providing for
> free.
> >>> https://www.hostm.com/tutorials/livecode/api-mariadb-mysql
> >>>
> >>>
> >>> Regards,
> >>> Matthias
> >>>
> >>> -
> >>> Matthias Rebbe
> >>> Life Is Too Short For Boring Code
> >>>
> >>>>> Am 16.10.2020 um 10:34 schrieb Pi Digital via use-livecode
> >>>>> <[hidden email]>:
> >>>>
> >>>> Hi
> >>>>
> >>>> I’ve found myself out of my depth and in need of advice.
> >>>> We have a cPanel webspace with mySQL running on a phpMyAdmin layer
> within
> >>>> the cPanel setup. Communicating with it from LC has been a breeze.
> However,
> >>>> doing a traffic scan we noticed that our queries and responses from
> the
> >>>> database are completely visible. Obviously a high security risk.
> >>>>
> >>>> Using an ssl certificate set, how do I implement this? How do I get
> cPanel
> >>>> to allow for it and get LC to make use of them when using
> revOpenDatabase?
> >>>> I have the useSSL flag set to Boolean ‘true’. I’ve tried using the
> set
> >>>> certificates pointing it at the three ssl files. But the data still
> is
> >>>> fully readable as plaintext in both direction when checked by our
> traffic
> >>>> scanner.
> >>>>
> >>>> Thanks
> >>>>
> >>>> Sean
> >>>>
> >>>> _______________________________________________
> >>>> use-livecode mailing list
> >>>> [hidden email]
> >>>> Please visit this url to subscribe, unsubscribe and manage your
> >>>> subscription preferences:
> >>>> http://lists.runrev.com/mailman/listinfo/use-livecode
> >>>
> >>> _______________________________________________
> >>> use-livecode mailing list
> >>> [hidden email]
> >>> Please visit this url to subscribe, unsubscribe and manage your
> >>> subscription preferences:
> >>> http://lists.runrev.com/mailman/listinfo/use-livecode
> >>
> >> _______________________________________________
> >> use-livecode mailing list
> >> [hidden email]
> >> Please visit this url to subscribe, unsubscribe and manage your
> >> subscription preferences:
> >> http://lists.runrev.com/mailman/listinfo/use-livecode
> > _______________________________________________
> > use-livecode mailing list
> > [hidden email]
> > Please visit this url to subscribe, unsubscribe and manage your
> > subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
>
>
>
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
In reply to this post by Ralph DiMola via use-livecode
Neville,

Sorry for your pain but I'm glad it's been brought to light for you too
before someone heinously exploits it. Looks like we've both got some work
on our hands.

From what I have worked out and been advised, using php over https is the
easiest route to switch to.

I say easiest. But it's not going to be easy. This is the full count:

896 Opendatabase
851 revQuery
540 revdberr references
2895 revDataFromQuery; revDatabaseColumnNamed/s
1022 revCloseDatabase; revCloseCursor

It's going to be a long weekend :/

Sean Cole
*Pi Digital*


On Sun, 18 Oct 2020 at 00:32, Neville Smythe via use-livecode <
[hidden email]> wrote:

> Thanks to this thread for the realisation my remote db connections are not
> secure. I just checked with Dreamhost and they gave their reasons for not
> use SSL with their mySQL setup — unacceptable burden on their server and
> undesirable for web app access; so in their opinion very few shared host
> environments would enable SSL for mySQL.
>
> So I need some middleware. LC Server would have been ideal, but Dreamhost
> no longer install it ;-(. I particularly could have used LC Server to drive
> mailman distribution list subscription/unsubscription tasks from the
> database for which I do not have a good solution at the moment.
>
> Neville
>
>
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
In reply to this post by Ralph DiMola via use-livecode
Sean Cole wrote:

> Since then I've added DocuSign, MS DynamicsCRM integration

Are you at liberty to describe what that integration involved?

Specifically, do you use MS' REST API?  And if so, how were you able to
set up the app registration in Azure for successful authentication?

I have a request from a client for integration with Dynamics via REST,
but we're stuck in the maze of options in Azure's admin panels with
regard to the app, groups, roles, flows, and other components come into
play for successful authentication.

I keep hoping we're missing something obvious.  Perhaps we are. I'm
eager to learn how you accomplished that.

--
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  [hidden email]                http://www.FourthWorld.com

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
In reply to this post by Ralph DiMola via use-livecode
Neville Smythe wrote:

 > So I need some middleware. LC Server would have been ideal, but
 > Dreamhost no longer install it ;-(. I particularly could have used
 > LC Server to drive mailman distribution list
 > subscription/unsubscription tasks from the database for which I do
 > not have a good solution at the moment.

I've been a Dreamhost customer for more than a decade, and I don't
believe they ever offered a hosting configuration with LiveCode
preinstalled.

But many of us have been using LiveCode Server on Dreamhost for a long
time.  LC Server runs under CGI, a standardized convention for allowing
just about any command-line program to be used to augment an Apache web
server.

On shared hosts, the directives used to tell Apache to handle certain
requests by passing them to another program like LC Server are
established in a .htaccess file in the folder those LC files are in.

Give this lesson a go, and let us know if we can lend a hand on any
details to get you up and running with LC Server on Dreamhost:

http://lessons.livecode.com/m/4070/l/36655-how-do-i-install-livecode-server-with-apache-via-htaccess

--
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  [hidden email]                http://www.FourthWorld.com

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
In reply to this post by Ralph DiMola via use-livecode
We have some Azure .net API guys in India we have that make the middle-man
for this. It's all written in C#. I then use REST to talk through that to
the clients DynCRM. I didn't want to go into all the C# which is why we
outsourced it to India. They are great and have often been able to help at
a moments notice when any issue arose.

Sean Cole
*Pi Digital *


On Sun, 18 Oct 2020 at 17:51, Richard Gaskin via use-livecode <
[hidden email]> wrote:

> Sean Cole wrote:
>
> > Since then I've added DocuSign, MS DynamicsCRM integration
>
> Are you at liberty to describe what that integration involved?
>
> Specifically, do you use MS' REST API?  And if so, how were you able to
> set up the app registration in Azure for successful authentication?
>
> I have a request from a client for integration with Dynamics via REST,
> but we're stuck in the maze of options in Azure's admin panels with
> regard to the app, groups, roles, flows, and other components come into
> play for successful authentication.
>
> I keep hoping we're missing something obvious.  Perhaps we are. I'm
> eager to learn how you accomplished that.
>
> --
>   Richard Gaskin
>   Fourth World Systems
>   Software Design and Development for the Desktop, Mobile, and the Web
>   ____________________________________________________________________
>   [hidden email]                http://www.FourthWorld.com
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
In reply to this post by Ralph DiMola via use-livecode


> On 19 Oct 2020, at 3:00 am, [hidden email] wrote:
>
> Dreamhost never did install LC ... but several of us have made it work.
> Just get the right server executable and permissions.
> I could never get it work account wide but it rocked for individual web
> site installation.

Ah. I got the distinct impression I would need a dedicated server account on DreamHost, not a shared environment, to instal LC Server; for this user’s site that would not be worth the cost.

To quote the reply from DreamHost:
-----
Unfornately we no longer support LiveCode server on our servers at this
time. Looks like current install steps require root/admin access to some
apache config files, which is not something we allow on our managed
server types.

You could install that on a Dedicated server, or DreamCompute instance if
you wish to, but that would be something you or your developers would
want to do using root on that service.
-----
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
Neville Smythe wrote:

>> On 19 Oct 2020, at 3:00 am, use-livecode-request at lists.runrev.com wrote:
>>
>> Dreamhost never did install LC ... but several of us have made it work.
>> Just get the right server executable and permissions.
>> I could never get it work account wide but it rocked for individual web
>> site installation.
>
> Ah. I got the distinct impression I would need a dedicated server account on DreamHost, not a shared environment, to instal LC Server; for this user’s site that would not be worth the cost.
>
> To quote the reply from DreamHost:
> -----
> Unfornately we no longer support LiveCode server on our servers at this
> time. Looks like current install steps require root/admin access to some
> apache config files, which is not something we allow on our managed
> server types.
>
> You could install that on a Dedicated server, or DreamCompute instance if
> you wish to, but that would be something you or your developers would
> want to do using root on that service.
> -----

I'm not sure what that DH rep is going on about, because the same set of
LC Lessons that describe how to set it up via Apache config also include
one on setting it up via .htacces on shared hosts.

I can understand why they don't *support* LC, is in provide technical
support for it, since LC isn't theirs to support.  There are too many
languages in this world to expect a vendor to train their staff in all
of them.

But there's nothing special about setting up LC Server that's much
different from setting up any scripting engine to work as a CGI under
Apache. IMO a shared host wouldn't be worth using if they turned off CGI
support altogether, and thankfully DH hasn't.

Many of us have been using LC Server on Dreamhost shared servers for
many years. And just to make sure nothing has changed, I just did a
fresh install into a new folder on one my servers - try this:

https://fourthworldlabs.com/lcs-test/test.lc

--
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  [hidden email]                http://www.FourthWorld.com

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: SSL cPanel mySql setup

Ralph DiMola via use-livecode
Hi Richard

Since I have been on DreamHost for more than a decade, I would love to have something like this set up. I’m not too proficient with Terminal or Linux, but can follow instructions. I would love to know if there is a crib sheet or step by step or tutorial that I could follow to get an instance running in my space?

Thanks for any information that you can point me to.

Kelly Janz

> On 19Oct, 2020, at 12:35 AM, Richard Gaskin via use-livecode <[hidden email]> wrote:
>
> Neville Smythe wrote:
>
>>> On 19 Oct 2020, at 3:00 am, use-livecode-request at lists.runrev.com wrote:
>>> Dreamhost never did install LC ... but several of us have made it work.
>>> Just get the right server executable and permissions.
>>> I could never get it work account wide but it rocked for individual web
>>> site installation.
>> Ah. I got the distinct impression I would need a dedicated server account on DreamHost, not a shared environment, to instal LC Server; for this user’s site that would not be worth the cost.
>> To quote the reply from DreamHost:
>> -----
>> Unfornately we no longer support LiveCode server on our servers at this
>> time. Looks like current install steps require root/admin access to some
>> apache config files, which is not something we allow on our managed
>> server types. You could install that on a Dedicated server, or DreamCompute instance if
>> you wish to, but that would be something you or your developers would
>> want to do using root on that service. -----
>
> I'm not sure what that DH rep is going on about, because the same set of LC Lessons that describe how to set it up via Apache config also include one on setting it up via .htacces on shared hosts.
>
> I can understand why they don't *support* LC, is in provide technical support for it, since LC isn't theirs to support.  There are too many languages in this world to expect a vendor to train their staff in all of them.
>
> But there's nothing special about setting up LC Server that's much different from setting up any scripting engine to work as a CGI under Apache. IMO a shared host wouldn't be worth using if they turned off CGI support altogether, and thankfully DH hasn't.
>
> Many of us have been using LC Server on Dreamhost shared servers for many years. And just to make sure nothing has changed, I just did a fresh install into a new folder on one my servers - try this:
>
> https://fourthworldlabs.com/lcs-test/test.lc
>
> --
> Richard Gaskin
> Fourth World Systems
> Software Design and Development for the Desktop, Mobile, and the Web
> ____________________________________________________________________
> [hidden email]                http://www.FourthWorld.com
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
12