[baseten-users] Portable Distributed Objects

Daniel Brajkovic daniel at brajkovic.com
Sun Jun 14 05:32:27 EEST 2009


Hi.

VPN is out of the question. This is a public subscriber-based app, not  
in-house.

Speed is not an issue because the best alternative now is consuming a  
web service, and opening, authenticating, closing connections has GOT  
to be slower than maintaining an open connection.

But you raise an interesting point that I did not consider; I didn't  
consider that the BXDatabase objects would live on the Server then,  
not on the client. It would be an interesting experiment as to how  
many clients such a setup could handle.

Since I wrote the original email, I did some looking and found this in  
PostgreSQL docs (looks like it's new for PostgreSQL 8.4rc1):

19.3.8. Certificate authentication
This authentication method uses SSL client certificates to perform  
authentication. It is therefore only available for SSL connections.  
When using this authentication method, the server will require that  
the client provide a valid certificate. No password prompt will be  
sent to the client. The cn attribute of the certificate will be  
compared to the requested database username, and if they match the  
login will be allowed. Username mapping can be used to allow cn to be  
different from the database username.
The following configuration options are supported for SSL certificate  
authentication:

map
Allows for mapping between system and database usernames. See Section  
19.2 for details.


This would solve my problems because I could just email clients a  
valid cert.  Would it be difficult to implement this into BaseTen? And  
have you tried BaseTen with 8.4 beta?

Dan


On Jun 13, 2009, at 8:58 PM, Tuukka Norri wrote:

> Hi!
>
> Daniel Brajkovic wrote on 13.6.2009 at 11.15:
>> To use BaseTen, I can expose my PostgreSQL DB to the internet, but  
>> I've read OVER and OVER that that is not good practice. Especially  
>> in my case, where multiple subscribers all use a single database,  
>> but only have access to their own records. And each subscriber can  
>> also have multiple users.
>>
>> Alternatively, what if I vended a ServerObject via Portable  
>> Distributed Objects (PDO) and created a BXDatabaseContext  
>> (remoteDatabaseContext) instance on the server. Then connect my  
>> Array Controllers to that remoteDatabaseContext?
>
> We haven't tested BaseTen with PDO and I hardly have any experience  
> with it. There could be some speed issues if BXDatabaseObjects are  
> instantiated on the server. Their database context reference should  
> probably be changed to a DO proxy or another layer of caching should  
> be added, but both would require some extra code.
>
> Would it be possible to make the database server available only over  
> VPN? We use that kind of an arrangement.
> -- 
> Best regards,
> Tuukka Norri
> MK&C
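
The matching rule from the PostgreSQL documentation quoted in the message above (cn compared to the requested database username, optionally through a username map), modeled as an added example that is not part of the original message, BaseTen or PostgreSQL. The map name, cn values and role names are constructed, and Python's `re` stands in for PostgreSQL's own regex engine.

```python
import re

# Constructed pg_ident.conf-style map; map, cn and role names are hypothetical.
# Columns: MAPNAME  SYSTEM-USERNAME (the certificate cn here)  PG-USERNAME
SAMPLE_IDENT = r"""
# several users of one subscriber share that subscriber's database role
subscribers  alice.acme  acme
subscribers  bob.acme    acme
# regex entry: user@<subscriber>.example logs in as role <subscriber>
subscribers  /^[a-z]+@([a-z0-9]+)\.example$  \1
"""


def parse_ident(text):
    """Return a list of (mapname, system_username, pg_username) entries."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError("expected 3 fields: %r" % line)
        entries.append(tuple(fields))
    return entries


def cert_login_allowed(cn, requested_user, entries=(), mapname=None):
    """Model of the check: may a certificate with this cn log in as requested_user?"""
    if mapname is None:
        # No map option: the cn must equal the requested database username.
        return cn == requested_user
    for name, system_user, pg_user in entries:
        if name != mapname:
            continue
        if system_user.startswith("/"):
            # Leading "/" marks a regular expression; \1 is its first capture.
            m = re.search(system_user[1:], cn)
            if m is None:
                continue
            if m.groups():
                pg_user = pg_user.replace("\\1", m.group(1))
        elif system_user != cn:
            continue
        if pg_user == requested_user:
            return True
    return False
```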
