MySQLCommunityServer.SSLKey

Chris_O_Brien · October 3, 2019, 3:11pm

Hi

The SSLKey property looks for the private key for an SSL connection. How can you access this file if it’s not to be made available to the public?

Thanks

Chris

Chris_O_Brien · October 4, 2019, 6:23am

Can anyone advise me on how I can hide my private key?

Jean-Yves_Pochez · October 4, 2019, 7:56am

I asked for the same thing some times ago, for postgresql, but got no answer .
may be it’s too secret to be explained ?

Jürg_Otter · October 4, 2019, 8:53am

Isn’t that the very same approach as with every other “connection type (SSH, sFTP, …)” using this mechanism…?

Each user has his own private key. So you prompt each user to choose/select this personal file on his own. Store it’s path in your application’s user preferences.

When connecting, you then just assign the FolderItem(s) before connecting.

Phillip_Zedalis · October 4, 2019, 2:12pm

When using SSL mode with MySQL both the server and client have certificates signed by the same CA. The server would have a publicly accessible certificate and a key to match. The client would have a cert and a key to match.

Chris_O_Brien · October 4, 2019, 7:25pm

Thanks for the replies - Maybe it’s my lack of understanding. I would have thought giving out a private key would have opened the opportunity of the file being copied - I suppose that’s the case no matter what files are used - When I was setting up my SSL cert for my website, the file was only accessible by my server and only the crt file made available to the public.

Chris_O_Brien · October 6, 2019, 5:07pm

It seems possible so Xojo desktop is way less secure than a web solution… is there a way to assign a virtual file from memory or a memoryblock, so the private key could be stored as a constant or encrypted file?

Phillip_Zedalis · October 6, 2019, 6:02pm

No. You are trying to solve the wrong problem though. You don’t really want all those clients connecting to your database locking tables with transactions and directly manipulating data from who knows where. You need a service layer that talks to the database and your clients talk to it. In most cases HTTPS via REST is sufficient.

Chris_O_Brien · October 6, 2019, 6:23pm

Thanks Phillip. Food for thought!

Jürg_Otter · October 6, 2019, 6:51pm

Have a look at these two Xojo’s Webinars:

Chris_O_Brien · October 6, 2019, 7:05pm

Thanks Jürg, I’ve actually watched these in the paste and currently trying to implement some of Paul’s advice in an iOS app. I would have always thought a direct connection to the MySQL data would have been more responsive and efficient through MySQLCommunityServer and REST would be used more when you are also maintaining a local SQLite DB