[dba-Tech] SSL or SSH or Other?

Arthur Fuller fuller.artful at gmail.com
Mon Jul 22 07:16:13 CDT 2013


I'm working on a project called TLM, as described briefly below. Any
networking experts have any suggestions?

Hi Arthur,

 I just submitted the following ticket to my data center and wanted you to
have a look in case it was something you wanted to work on.

 It would kill two birds with one stone, as it would also solve your
connection issue that is still preventing you from being able to test TLM
in its minimum performance configuration (i.e. when connected to a datacenter).

 “We have been redesigning our application to work with an ODBC connection
to the MySQL database on a Firehost server, and have been allowing limited
client access by making port open requests. This has been doable during the
initial development of this new version, as not many clients have been
given access to this version yet.

We are going to need a better solution, mostly for traveling users who
aren't going to want to wait for a port to be opened from an IP address
they are only going to use once or twice.

I'm looking for strategy suggestions that would be the best long term
solution. We looked into SSH a little, but haven't been able to implement
anything that worked. I know SSL might be an option, and ideally I could
build the security into the application so that the user just needed to
configure the IP address of the firehost server they have been assigned to
and then the MySQL security would let them into the correct database once
they were through your firewall and at the correct server.

Since network security was your forte, I thought I would see if anyone
there had any thoughts on the issue that might be relevant to a strategy
that would work best for your data center.”

 Right now the only ways into the datacenter are via a VPN connection, or
if they open 3306 to a specific IP address. I’m not enough of a security
expert to know which direction to head on this one, and which direction
seems like the best bet for building something into TLM that would
accomplish the security handshake automatically based on minimum
credentials configured in TLM.

 Hope all is well,

David

Thanks in advance for any suggestions


-- 
Arthur
Cell: 647.710.1314

Prediction is difficult, especially of the future.
  -- Niels Bohr

