XojoCloud Web App to offsite Customer Postgresql DB secure Connection

Hello together,

I’m thinking about the best way to connect from XojoCloud to an offsite Postgres DB in a secure way.

I made a test with an open firewall port to connect and it works fine. But I need a secure connection now.

I’m not very familiar with configuring SSH or SSL at the Postgres server.

What is the best way to go from a Xojo Cloud Web App:
SSH or SSL?

I ask myself if and how I can install an SSL client certificate on the XojoCloud server when connecting with SSL to the Postgres DB.

Any tips and help are welcome.

Thanks

Björn

Hi Björn - I think that you can open that firewall port and then specify a certificate using http://documentation.xojo.com/index.php/PostgreSQLDatabase.SSLCertificate - should work fine.

Jason

But you should not be opening the firewall port on the Postgres side to the world. Doing so opens your server to a lot of serious attack scenarios.

Hi Jason and Greg,

thanks for your replies.

Firewall on the client side is just configured to let only the Postgres Port pass to the Postgres Server.

I will test it in the next few days with SSL configuration.

Björn

Perhaps it’s a good idea to make a webinar of some security themes and databases with XOJO…

When you leave the “secure” world of LAN and desktop it can be a little tricky… I think a webinar on setting up secure connections with, in my case, PostgreSQL (SSL and SSH) or MySQL can be interesting for a lot of users…

The configuration on the server side is the main work, I think… Your blog was a first help and shows how different scenarios can be…

Björn

[quote=271407:@Björn Dohle]Hi Jason and Greg,

thanks for your replies.

Firewall on the client side is just configured to let only the Postgres Port pass to the Postgres Server.

I will test it in the next few days with SSL configuration.

Björn[/quote]
I understand, but unless it’s configured to only allow traffic from this particular server, anyone could access the Postgres server via that port. Even without a valid username/password, the server still allows connections. There was a Postgres vulnerability a few years ago which allowed hackers root access to the machine that way.

If you can’t secure it by IP then use something like OpenVPN.

An open database port is to hackers what a light bulb is to a moth…
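
The two points raised in this thread, limiting the port to one server and requiring SSL, both end up as rules in the Postgres server's `pg_hba.conf`. The following is an added example, not code from any poster here: a small Python check run over two constructed `pg_hba.conf` samples, where `203.0.113.10`, `appdb` and `webapp` are placeholders and addresses are assumed to be in CIDR form.

```python
import ipaddress

# Constructed pg_hba.conf samples; 203.0.113.10 is a placeholder for the
# Xojo Cloud server's address, appdb/webapp are hypothetical names.
WEAK_HBA = """\
# TYPE   DATABASE  USER    ADDRESS          METHOD
host     all       all     0.0.0.0/0        md5
"""
HARDENED_HBA = """\
# TYPE   DATABASE  USER    ADDRESS          METHOD
hostssl  appdb     webapp  203.0.113.10/32  scram-sha-256 clientcert=verify-full
"""

NO_TLS_TYPES = {"host", "hostnossl", "hostnogssenc"}  # these match plaintext connections


def audit_hba(text, max_addresses=1):
    """Return (line_no, problem) tuples for remote-access rules in pg_hba.conf text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] == "local":
            continue  # blank, comment, Unix-socket or malformed line
        rtype, address, method = fields[0], fields[3], fields[4]
        try:
            net = ipaddress.ip_network(address, strict=False)
        except ValueError:
            # Keywords such as "all" and host names are not resolved here.
            findings.append((no, f"address '{address}' is not a CIDR range; review by hand"))
            net = None
        if net is not None and net.is_loopback:
            continue  # loopback-only rule, not reachable from the network
        if rtype in NO_TLS_TYPES:
            findings.append((no, f"'{rtype}' rule does not require TLS; use hostssl"))
        if net is not None and net.num_addresses > max_addresses:
            findings.append((no, f"{net} admits {net.num_addresses} addresses; restrict to the app server"))
        if method == "trust":
            findings.append((no, "method 'trust' accepts connections without a password"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_HBA), ("hardened", HARDENED_HBA)):
        print(name, audit_hba(text) or "no findings")
```

`hostssl` rules only match once the server itself has `ssl = on` in `postgresql.conf`, and a host firewall rule for the same single address is still worth having in front of the port.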