[baseten-users] Client-server app

Ben Einstein beinstein at me.com
Mon Jul 6 20:56:21 EEST 2009 

I think you mean SSH? It seemed you were previously opposed to having  
a public port open to your database server? If so, I use cocoa- 
sshtunnel, which is under GPLv2. Depending on your exact  
specifications, you may be able to use some of the source from this  
project to teach you how to create tunnels to the database server:

http://code.google.com/p/cocoa-sshtunnel/

If I'm incorrect and you have decided to use SSL directly into  
Postgres, this is very helpful (if you haven't already seen it):

http://developer.postgresql.org/pgdocs/postgres/ssl-tcp.html

Good luck,
Ben

On Jul 6, 2009, at 1:34 PM, Daniel Brajkovic wrote:

> Thanks. I did not know that.  However, I also thought of another  
> issue with VPN.  At a previous employer, for example, the company's  
> firewall prevented outbound VON connections.  I think SSL is the  
> right way to go.
>
> However, after having spent all morning reading about SSL, certs,  
> etc., I'm sure I might need a little guidance, when I'm ready to  
> start shipping beta versions.
>
> Thanks.
>
>
>
>
> On Jul 6, 2009, at 8:57 AM, Ben Einstein wrote:
>
>> Hi Dan,
>>
>> While I've never done it, I believe at least OS X supports  
>> simultaneous VPN connections, so long as it's not to the same server.
>>
>> You may want to check the documentation.
>>
>> Ben
>>
>> On Jul 6, 2009, at 9:54 AM, Daniel Brajkovic wrote:
>>
>>> Both notes this morning were very helpful. Regarding VPN, the  
>>> biggest problem, I think, is that how would someone VPN to my  
>>> server if they are already VPN'd to their office for example?
>>>
>>> The SSH solution might be right for me however. Thanks everyone.
>>>
>>> Dan
>>>
>>>
>>> On Jul 6, 2009, at 8:29 AM, Ben Einstein wrote:
>>>
>>>> Hi Daniel,
>>>>
>>>> I too also strongly agree with the VPN solution. This is the  
>>>> solution we use for our remote database connections and it has  
>>>> worked quite well. I'm not familiar with your application or it's  
>>>> user arrangement, but we've found the VPN solution to be  
>>>> extremely secure and user's security concerns are usually quelled  
>>>> by when hearing that they're using VPN to connect to our database  
>>>> instances. As Marko wisely recommended, VPN (or SSH) is adding an  
>>>> additional layer of security to Postgres, which is already very  
>>>> secure.
>>>>
>>>> A key point of our solution was transparency: the user is never  
>>>> aware that VPN is being used. When the application is being run  
>>>> for the first time, the System Configuration framework is used to  
>>>> setup the VPN connection using some default settings. Passwords  
>>>> are added to the keychain, etc. Every time thereafter the  
>>>> application first pings to see if the database server can be  
>>>> discovered locally and if not, it dials the VPN connection, all  
>>>> without the user having to perform any secondary actions. I will  
>>>> admit that System Configuration manipulation can be quite  
>>>> difficult, especially the template tool, but I'd be willing to  
>>>> provide you with some code to help that process go smoothly for  
>>>> you.
>>>>
>>>> Hope that helps,
>>>> Ben
>>>>
>>>> On Jul 6, 2009, at 6:33 AM, Marko Karppinen wrote:
>>>>
>>>>> On 5.7.2009, at 23.23, Daniel Brajkovic wrote:
>>>>>
>>>>>> Sorry, I just cant let it go. Tuukka,  I hope you had a great  
>>>>>> holiday.
>>>>>>
>>>>>> I found this link describing how he used Distributed Objects  
>>>>>> with CoreData.  I tried to adapt it to BaseTen.  But no luck.   
>>>>>> Maybe you'll have better luck.
>>>>>
>>>>> Hi Daniel -- I've been following this discussion from the start  
>>>>> but haven't been able to participate before. Sorry about that.  
>>>>> Let's start from the beginning.
>>>>>
>>>>> You wanted to have a BaseTen application work over the internet,  
>>>>> but were cautioned not to make Postgres itself accessible to the  
>>>>> whole world. That's sound advice, generally called Security in  
>>>>> Depth: all things being equal, adding another layer of security  
>>>>> should make the whole system more secure.
>>>>>
>>>>> All things are never equal, though. Postgres in particular has a  
>>>>> very solid and mature security infrastructure, and it's fine- 
>>>>> grained permission system is likely to be much more secure than  
>>>>> anything you'd roll on your own. And that's crucial here,  
>>>>> because if you think about it, your plan of using DO is not  
>>>>> adding a layer of security on top of Postgres's, but is instead  
>>>>> replacing the security layer Postgres provides by your own code  
>>>>> in the Cocoa layer.
>>>>>
>>>>> This is true of most web application frameworks, too: typically  
>>>>> the app server accesses the database with near-to-superuser  
>>>>> privileges, leaving the framework's security layer as the only  
>>>>> protection between an attacker and all of your data.
>>>>>
>>>>> I'm not saying that web application frameworks -- or your Cocoa  
>>>>> code -- are insecure, though. I'm just saying that there's no  
>>>>> reason to believe they more secure than Postgres.
>>>>>
>>>>> Here's my recommendation:
>>>>>
>>>>> The VPN suggestion was a sensible one, and I think you turned it  
>>>>> down because of the idea of your users needing the fiddle with  
>>>>> VPN settings etc -- surely a non-starter. But thinking of VPN a  
>>>>> bit more broadly, it would surely be possible to integrate  
>>>>> pseudo-VPN functionality into your app so that your users  
>>>>> wouldn't need to worry about it at all.
>>>>>
>>>>> Specifically, I'm thinking of your application automatically  
>>>>> opening an SSH tunnel onto your database server. This would make  
>>>>> the Postgres socket only accessible to licensed users of your app.
>>>>>
>>>>> Finally, as you've already found out, DO is not without its  
>>>>> problems. Here's a blog post outlining many of them: http://mooseyard.com/Jens/2009/07/the-subtle-dangers-of-distributed-objects/
>>>>>
>>>>> To me, that stuff sounds way worse than exposing a well-secured  
>>>>> Postgres instance to your paying subscribers.
>>>>>
>>>>> Marko
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> baseten-users mailing list
>>>>> baseten-users at lists.basetenframework.org
>>>>> http://lists.basetenframework.org/mailman/listinfo/baseten-users
>>>>
>>>>
>>>> _______________________________________________
>>>> baseten-users mailing list
>>>> baseten-users at lists.basetenframework.org
>>>> http://lists.basetenframework.org/mailman/listinfo/baseten-users
>>>
>>> _______________________________________________
>>> baseten-users mailing list
>>> baseten-users at lists.basetenframework.org
>>> http://lists.basetenframework.org/mailman/listinfo/baseten-users
>>
>>
>> _______________________________________________
>> baseten-users mailing list
>> baseten-users at lists.basetenframework.org
>> http://lists.basetenframework.org/mailman/listinfo/baseten-users
>
> _______________________________________________
> baseten-users mailing list
> baseten-users at lists.basetenframework.org
> http://lists.basetenframework.org/mailman/listinfo/baseten-users

More information about the baseten-users mailing list