[baseten-users] Client-server app

Daniel Brajkovic daniel at brajkovic.com
Mon Jul 6 20:34:51 EEST 2009 

Thanks. I did not know that.  However, I also thought of another issue  
with VPN.  At a previous employer, for example, the company's firewall  
prevented outbound VON connections.  I think SSL is the right way to go.

However, after having spent all morning reading about SSL, certs,  
etc., I'm sure I might need a little guidance, when I'm ready to start  
shipping beta versions.

Thanks.




On Jul 6, 2009, at 8:57 AM, Ben Einstein wrote:

> Hi Dan,
>
> While I've never done it, I believe at least OS X supports  
> simultaneous VPN connections, so long as it's not to the same server.
>
> You may want to check the documentation.
>
> Ben
>
> On Jul 6, 2009, at 9:54 AM, Daniel Brajkovic wrote:
>
>> Both notes this morning were very helpful. Regarding VPN, the  
>> biggest problem, I think, is that how would someone VPN to my  
>> server if they are already VPN'd to their office for example?
>>
>> The SSH solution might be right for me however. Thanks everyone.
>>
>> Dan
>>
>>
>> On Jul 6, 2009, at 8:29 AM, Ben Einstein wrote:
>>
>>> Hi Daniel,
>>>
>>> I too also strongly agree with the VPN solution. This is the  
>>> solution we use for our remote database connections and it has  
>>> worked quite well. I'm not familiar with your application or it's  
>>> user arrangement, but we've found the VPN solution to be extremely  
>>> secure and user's security concerns are usually quelled by when  
>>> hearing that they're using VPN to connect to our database  
>>> instances. As Marko wisely recommended, VPN (or SSH) is adding an  
>>> additional layer of security to Postgres, which is already very  
>>> secure.
>>>
>>> A key point of our solution was transparency: the user is never  
>>> aware that VPN is being used. When the application is being run  
>>> for the first time, the System Configuration framework is used to  
>>> setup the VPN connection using some default settings. Passwords  
>>> are added to the keychain, etc. Every time thereafter the  
>>> application first pings to see if the database server can be  
>>> discovered locally and if not, it dials the VPN connection, all  
>>> without the user having to perform any secondary actions. I will  
>>> admit that System Configuration manipulation can be quite  
>>> difficult, especially the template tool, but I'd be willing to  
>>> provide you with some code to help that process go smoothly for you.
>>>
>>> Hope that helps,
>>> Ben
>>>
>>> On Jul 6, 2009, at 6:33 AM, Marko Karppinen wrote:
>>>
>>>> On 5.7.2009, at 23.23, Daniel Brajkovic wrote:
>>>>
>>>>> Sorry, I just cant let it go. Tuukka,  I hope you had a great  
>>>>> holiday.
>>>>>
>>>>> I found this link describing how he used Distributed Objects  
>>>>> with CoreData.  I tried to adapt it to BaseTen.  But no luck.   
>>>>> Maybe you'll have better luck.
>>>>
>>>> Hi Daniel -- I've been following this discussion from the start  
>>>> but haven't been able to participate before. Sorry about that.  
>>>> Let's start from the beginning.
>>>>
>>>> You wanted to have a BaseTen application work over the internet,  
>>>> but were cautioned not to make Postgres itself accessible to the  
>>>> whole world. That's sound advice, generally called Security in  
>>>> Depth: all things being equal, adding another layer of security  
>>>> should make the whole system more secure.
>>>>
>>>> All things are never equal, though. Postgres in particular has a  
>>>> very solid and mature security infrastructure, and it's fine- 
>>>> grained permission system is likely to be much more secure than  
>>>> anything you'd roll on your own. And that's crucial here, because  
>>>> if you think about it, your plan of using DO is not adding a  
>>>> layer of security on top of Postgres's, but is instead replacing  
>>>> the security layer Postgres provides by your own code in the  
>>>> Cocoa layer.
>>>>
>>>> This is true of most web application frameworks, too: typically  
>>>> the app server accesses the database with near-to-superuser  
>>>> privileges, leaving the framework's security layer as the only  
>>>> protection between an attacker and all of your data.
>>>>
>>>> I'm not saying that web application frameworks -- or your Cocoa  
>>>> code -- are insecure, though. I'm just saying that there's no  
>>>> reason to believe they more secure than Postgres.
>>>>
>>>> Here's my recommendation:
>>>>
>>>> The VPN suggestion was a sensible one, and I think you turned it  
>>>> down because of the idea of your users needing the fiddle with  
>>>> VPN settings etc -- surely a non-starter. But thinking of VPN a  
>>>> bit more broadly, it would surely be possible to integrate pseudo- 
>>>> VPN functionality into your app so that your users wouldn't need  
>>>> to worry about it at all.
>>>>
>>>> Specifically, I'm thinking of your application automatically  
>>>> opening an SSH tunnel onto your database server. This would make  
>>>> the Postgres socket only accessible to licensed users of your app.
>>>>
>>>> Finally, as you've already found out, DO is not without its  
>>>> problems. Here's a blog post outlining many of them: http://mooseyard.com/Jens/2009/07/the-subtle-dangers-of-distributed-objects/
>>>>
>>>> To me, that stuff sounds way worse than exposing a well-secured  
>>>> Postgres instance to your paying subscribers.
>>>>
>>>> Marko
>>>>
>>>>
>>>> _______________________________________________
>>>> baseten-users mailing list
>>>> baseten-users at lists.basetenframework.org
>>>> http://lists.basetenframework.org/mailman/listinfo/baseten-users
>>>
>>>
>>> _______________________________________________
>>> baseten-users mailing list
>>> baseten-users at lists.basetenframework.org
>>> http://lists.basetenframework.org/mailman/listinfo/baseten-users
>>
>> _______________________________________________
>> baseten-users mailing list
>> baseten-users at lists.basetenframework.org
>> http://lists.basetenframework.org/mailman/listinfo/baseten-users
>
>
> _______________________________________________
> baseten-users mailing list
> baseten-users at lists.basetenframework.org
> http://lists.basetenframework.org/mailman/listinfo/baseten-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2423 bytes
Desc: not available
URL: <http://lists.basetenframework.org/pipermail/baseten-users/attachments/20090706/c1a11350/attachment-0001.bin>

More information about the baseten-users mailing list