[baseten-users] Client-server app

Ben Einstein beinstein at me.com
Mon Jul 6 16:57:31 EEST 2009 

Hi Dan,

While I've never done it, I believe at least OS X supports  
simultaneous VPN connections, so long as it's not to the same server.

You may want to check the documentation.

Ben

On Jul 6, 2009, at 9:54 AM, Daniel Brajkovic wrote:

> Both notes this morning were very helpful. Regarding VPN, the  
> biggest problem, I think, is that how would someone VPN to my server  
> if they are already VPN'd to their office for example?
>
> The SSH solution might be right for me however. Thanks everyone.
>
> Dan
>
>
> On Jul 6, 2009, at 8:29 AM, Ben Einstein wrote:
>
>> Hi Daniel,
>>
>> I too also strongly agree with the VPN solution. This is the  
>> solution we use for our remote database connections and it has  
>> worked quite well. I'm not familiar with your application or it's  
>> user arrangement, but we've found the VPN solution to be extremely  
>> secure and user's security concerns are usually quelled by when  
>> hearing that they're using VPN to connect to our database  
>> instances. As Marko wisely recommended, VPN (or SSH) is adding an  
>> additional layer of security to Postgres, which is already very  
>> secure.
>>
>> A key point of our solution was transparency: the user is never  
>> aware that VPN is being used. When the application is being run for  
>> the first time, the System Configuration framework is used to setup  
>> the VPN connection using some default settings. Passwords are added  
>> to the keychain, etc. Every time thereafter the application first  
>> pings to see if the database server can be discovered locally and  
>> if not, it dials the VPN connection, all without the user having to  
>> perform any secondary actions. I will admit that System  
>> Configuration manipulation can be quite difficult, especially the  
>> template tool, but I'd be willing to provide you with some code to  
>> help that process go smoothly for you.
>>
>> Hope that helps,
>> Ben
>>
>> On Jul 6, 2009, at 6:33 AM, Marko Karppinen wrote:
>>
>>> On 5.7.2009, at 23.23, Daniel Brajkovic wrote:
>>>
>>>> Sorry, I just cant let it go. Tuukka,  I hope you had a great  
>>>> holiday.
>>>>
>>>> I found this link describing how he used Distributed Objects with  
>>>> CoreData.  I tried to adapt it to BaseTen.  But no luck.  Maybe  
>>>> you'll have better luck.
>>>
>>> Hi Daniel -- I've been following this discussion from the start  
>>> but haven't been able to participate before. Sorry about that.  
>>> Let's start from the beginning.
>>>
>>> You wanted to have a BaseTen application work over the internet,  
>>> but were cautioned not to make Postgres itself accessible to the  
>>> whole world. That's sound advice, generally called Security in  
>>> Depth: all things being equal, adding another layer of security  
>>> should make the whole system more secure.
>>>
>>> All things are never equal, though. Postgres in particular has a  
>>> very solid and mature security infrastructure, and it's fine- 
>>> grained permission system is likely to be much more secure than  
>>> anything you'd roll on your own. And that's crucial here, because  
>>> if you think about it, your plan of using DO is not adding a layer  
>>> of security on top of Postgres's, but is instead replacing the  
>>> security layer Postgres provides by your own code in the Cocoa  
>>> layer.
>>>
>>> This is true of most web application frameworks, too: typically  
>>> the app server accesses the database with near-to-superuser  
>>> privileges, leaving the framework's security layer as the only  
>>> protection between an attacker and all of your data.
>>>
>>> I'm not saying that web application frameworks -- or your Cocoa  
>>> code -- are insecure, though. I'm just saying that there's no  
>>> reason to believe they more secure than Postgres.
>>>
>>> Here's my recommendation:
>>>
>>> The VPN suggestion was a sensible one, and I think you turned it  
>>> down because of the idea of your users needing the fiddle with VPN  
>>> settings etc -- surely a non-starter. But thinking of VPN a bit  
>>> more broadly, it would surely be possible to integrate pseudo-VPN  
>>> functionality into your app so that your users wouldn't need to  
>>> worry about it at all.
>>>
>>> Specifically, I'm thinking of your application automatically  
>>> opening an SSH tunnel onto your database server. This would make  
>>> the Postgres socket only accessible to licensed users of your app.
>>>
>>> Finally, as you've already found out, DO is not without its  
>>> problems. Here's a blog post outlining many of them: http://mooseyard.com/Jens/2009/07/the-subtle-dangers-of-distributed-objects/
>>>
>>> To me, that stuff sounds way worse than exposing a well-secured  
>>> Postgres instance to your paying subscribers.
>>>
>>> Marko
>>>
>>>
>>> _______________________________________________
>>> baseten-users mailing list
>>> baseten-users at lists.basetenframework.org
>>> http://lists.basetenframework.org/mailman/listinfo/baseten-users
>>
>>
>> _______________________________________________
>> baseten-users mailing list
>> baseten-users at lists.basetenframework.org
>> http://lists.basetenframework.org/mailman/listinfo/baseten-users
>
> _______________________________________________
> baseten-users mailing list
> baseten-users at lists.basetenframework.org
> http://lists.basetenframework.org/mailman/listinfo/baseten-users

More information about the baseten-users mailing list