Which database is best for remote sync

  1. 4 weeks ago

    Nathan W

    Nov 11 Pre-Release Testers, Xojo Pro Europe (UK, Jersey)

    Hi

    I am thinking about writing my first mobile app in Xojo that will also have a web and desktop version.

    I was thinking about using a cloud-based database to deal with all the syncing etc. and was wondering which services people have used with Xojo to do this.

  2. Markus R

    Nov 11 Pre-Release Testers, Xojo Pro Europe / Germany

    hmm,
    2 possibilities,

    direct,
    myself testing a mysql/maria database server environment in a vps.
    so the web app is together with the database.
    for desktop app i used ssl connection to mysql.
    to protect a vps you need expert knowledge. (for testing there exists free online services)

    indirect, (circuity)
    json, xml, object serialization between server & client.

    making web apps (to use at phone) are a little bit tricky because network connection, sessions, app will restart, ssl certificate.
    + for geolocation at android phone in chrome browser ssl is mandatory.

  3. Tomas J

    Nov 11 Pre-Release Testers, Xojo Pro Europe (Germany)
    Edited 4 weeks ago

    FULL STOP!

    Never ever connect directly to any database via Web, Never ever leave your database with open ports to the internet (MariaDB, Postgres, MSSQL whatever).

    This is not only a bad habit, this is completely insecure. Your authentication and your data transfer are completely unencrypted so everybody in between can read everything in cleartext.

    The usual way is to use a JSON Webservice with TLS encryption, Cert-Check, DH Key Exchange and full encryption of your transferred data.

  4. Markus R

    Nov 11 Pre-Release Testers, Xojo Pro Europe / Germany
    Edited 4 weeks ago

    Your authentication and your data transfer are completely unencrypted so everybody in between can read everything in cleartext.

    I do not agree if you use ssl.

    why do you fear open ports, there is ssl and certificates? nobody will see login data or transfer data.
    if web app + database is on the same server where is the problem.
    if desktop app use ssl where is the problem.

    i agree with that open ports can be misused and software behind can crash if it would let connect everything.

    the biggest security risk is the installed open source software with these "endless" dependencies, especially at linux.

    docs.xojo.com/MySQLCommunityServer.SSLEnabled

  5. Tomas J

    Nov 11 Pre-Release Testers, Xojo Pro Europe (Germany)
    Edited 4 weeks ago

    First, you mean TLS, not SSL. Second, this is not secure either. Every Proxy Server or Man in the middle can put himself in between because in 99,9% either mySQL/MariaDB or your app is checking the certs and the hosts. In Enterprise networks with Deep Packet Inspection Firewalls this is sometimes mandatory. You may use your fav search engine for words like fragrouter, dnsspoof, webmitm, ssldump or urlsnarf if you want to play around with MITM methods.

    @Markus Rauch the biggest security risk is the installed open source software with these "endless" dependencies, especially at linux.

    Interesting statement, so why are you using Open Source MariaDB, openSSL Libs and SSH then?
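
Added example, not part of any post in this thread: a JSON web service client that refuses to send data unless its TLS context verifies both the certificate chain and the host name, next to the encrypt-only context the posts above argue about. It is written in Python rather than Xojo; the function names and the host `api.example.invalid` are hypothetical.

```python
import http.client
import json
import ssl


def hardened_context(ca_file=None):
    """Client context that verifies the server's certificate chain and host name."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def encrypt_only_context():
    """Weak pattern: traffic is encrypted, but the peer is never authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return the reasons this context would accept an interposed proxy's certificate."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("host name is not checked against the certificate")
    return findings


def call_service(host, path, payload, ctx):
    """POST JSON to the service; refuses unverified contexts before connecting."""
    findings = audit_context(ctx)
    if findings:
        raise ValueError("refusing to send data: " + "; ".join(findings))
    conn = http.client.HTTPSConnection(host, 443, context=ctx, timeout=10)
    try:
        conn.request("POST", path, body=json.dumps(payload),
                     headers={"Content-Type": "application/json"})
        resp = conn.getresponse()   # handshake fails here on a bad certificate
        return resp.status, json.loads(resp.read() or b"null")
    finally:
        conn.close()
```

With `hardened_context()` the handshake itself raises `ssl.SSLCertVerificationError` when a proxy presents a certificate that does not chain to a trusted CA or does not match the host name.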

  6. Markus R

    Nov 11 Pre-Release Testers, Xojo Pro Europe / Germany
    Edited 4 weeks ago

    "Man in the middle" all admin people that are working at ionos as example? or Mr. Zuckerberg. :)
    typically both device need a certificate to trust each other.
    means for TLS you need an authentication with certificate. (the link above with ssl enabled should do it)

    Interesting statement, so why are you using Open Source MariaDB, openSSL Libs and SSH then?

    because it's free. ;)
    just be aware of "sudo", same for windows if you install something with Admin permissions.

  7. Neil B

    Nov 11 Pre-Release Testers

    @Tomas J FULL STOP!

    Never ever connect directly to any database via Web, Never ever leave your database with open ports to the internet (MariaDB, Postgres, MSSQL whatever).

    In case you need proof...

    -image-

  8. Markus R

    Nov 11 Pre-Release Testers, Xojo Pro Europe / Germany

    @Neil B In case you need proof...

    ups, should not happen.

    there are many security vulnerabilities and possibilities.
    it could also happen with an indirect webservice.

  9. Norman P

    Nov 11 Pre-Release Testers, Xojo Pro under a bus
    Edited 4 weeks ago

    @Markus R because it's free. ;)

    Better read the licenses for them as they are NOT free for commercial use
    If you want a truly free for any use database use PostgreSQL

    And do NOT expose your db directly to the internet
    Put some service in between as then the service has to be hacked first
    And that service can do a better job of hiding what DB is used
    That information alone can be used to hack the DB itself as there are known vulnerabilities for most of them

  10. Nathan W

    Nov 11 Pre-Release Testers, Xojo Pro Europe (UK, Jersey)

    Really useful info thanks.

    Going back to my original question, I am trying to find a database service that will handle all the sync issues for me. Maybe something like Fireband or something else that will work with Xojo.

  11. last week

    I'm interested in this too..
