Open onaseef opened 12 years ago
gilbert
commented
12 years ago The only spot where SSL would be useful is user login. The server already connects to the private database through a secure vpn, and mobile clients don't need a password to read the public database.
onaseef
commented
12 years ago Is the write to the public db also secure?
Sent from my iPhone
On Feb 11, 2012, at 8:42 PM, Gilbert reply@reply.github.com wrote:
The only spot where SSL would be useful is user login. The server already connects to the private database through a secure vpn, and mobile clients don't need a password to read the public database.
Reply to this email directly or view it on GitHub: https://github.com/onaseef/yomobi/issues/188#issuecomment-3925329
gilbert
commented
12 years ago Yes, it is.
onaseef
commented
12 years ago So just to be totally clear, are there any Yomobi system passwords or private keys that transmit clear text? Is the amazon web services key also encrypted?
gilbert
commented
12 years ago The only Yomobi system password that is transmitted through plain text is the page at http://yomobi.com/admin/companies . I don't think the amazon services key is encrypted, but that is only used on the server side, so no users will ever see them.
I recall you said I'd have to buy a certificate to get SSL with the private database.
How long would it take to implement the backend to connect using SSL once I have the certificate?
Also, does the public database already connect with SSL? If not, can we make that happen as well?
This is a bit of a high priority as we get more customers. We need to make sure our password is secure.
Is it the server that connects to the private database, or is it the individual client machines?