PostgreSQL SSL Support
PostgreSQL is a client-server RDBMS which the LiveCode platform has long supported. However, whilst LiveCode’s MySQL driver allows the use of SSL to secure connections this feature has never been added to the PostgreSQL driver. Being able to secure database connections is important to prevent snooping and man-in-the-middle attacks on data streams travelling between client and server.
Overview
PostgreSQL is a client-server RDBMS which the LiveCode platform has long supported. However, whilst LiveCode’s MySQL driver allows the use of SSL to secure connections this feature has never been added to the PostgreSQL driver. Being able to secure database connections is important to prevent snooping and man-in-the-middle attacks on data streams travelling between client and server.
In addition, whilst undertaking the work to add SSL support we would also round out the platform support of the PostgreSQL driver – adding iOS and Android builds.
Benefits
By adding SSL support to the PostgreSQL it ensures that use of that system can conform to security best-practice. In addition, it ensures that LiveCode can be used to communicate with PostgreSQL databases where the setup mandates the use of SSL.
Additionally, support for directly accessing PostgreSQL databases from Android and iOS would be added.
Proposal
There are several parts to updating the PostgreSQL driver to support SSL:
- Update the libpq client library to the latest version (9.1) and update the build scripts to ensure it builds for all platforms.
- Ensure that the libpq client library weakly links to LiveCode’s build of OpenSSL (revsecurity) so that support is optional.
- Update the connection API used by the dbpostgres driver to one which allows configuration parameters to be specified.
- Augment revOpenDatabase for PostgreSQL to accept additional parameters to pass through to the driver to enable configuration of SSL, as well as other aspects of the connection.
As mentioned in (3) and (4) the latest version of the libpq client library allows a range of configuration options to be specified at connection time – the most important of which are SSL-related. Options are simple key-value pairs which would be either passed as extra parameters to revOpenDatabase, or as an extra array parameter. For full details of the configuration options we would make available, please see here – http://www.postgresql.org/docs/9.1/static/libpq-connect.html.
If this project is successfully funded we estimate that we will commence development at the start of October with an estimated final delivery at the end of October 2015
Bonus For You
Pledge a total of $99 or more across all our campaigns this week, and we’ll give you a bonus if your backed campaigns fund: free access to the Simulcast (live web streaming) of our 2016 LiveCode conference. You’ll be able to watch the whole thing, ask questions and rewind the recording at your leisure. List value $299.
david simpson
Bernd Niggemann
Malte Brill
Harald Schlager
Martha Weller
Clifton McKenzie
Mark Clark
Saman Sjukur
Patrice Laboulet
Alexander Sharp
Ralf Bitter
Peter Bogdanoff
4 comments
Join the conversationHarald - September 21, 2015
hi ! I currently use version 9.4. if it is really linked to 9.1 could we use 9.4 features ? thanks, harald
Mark - September 22, 2015
Hi Harald,
We’ll use the latest available version of libpq at the time we implement the feature – so 9.4.
However, the client library version rarely has an effect on the features you can use – as the client library is just responsible for packaging up the requests to the server. It is the server version which determines what goodies you have access to 🙂
Mark.
Malte - September 22, 2015
If we see it gets close, is there a way to raise the pledges?
Malte - September 22, 2015
Nevermind… Overlooked the huge green button 🙂