Was just thinking about accessing my database from my iPhone and that leads to the question of how the data is secured when it’s transmitted. Is it just broadcast out in the open so anyone with a sniffer could pull it in?
Currently, yes. The option to share a database is provided in File > Database Properties. Don’t “broadcast” a database containing your sensitive information.
What about for the upcoming iPhone app? Would love to see some encryption options for transmitting this data.
DTPO provides a normal web server, so you could put a more fully-featured server in front of it (apache, lighttpd, nginx) to provide authentication and SSL. Keep the DTPO port locked down via a firewall, set up mod_proxy between your web server & DTPO’s server and you’re set.
oh gee, is that all? Piece of cake!
Seriously, thanks for the thought but that’s not gonna happen.
My opinion, I’d MUCH rather see encryption than SSL for transmitting this kind of data to the new iPhone app. I think the assumption needs to be that at least some of most people’s libraries are going to have information which they are going to want to treat confidentially. If the data is going to be transmitted out in the open, then I’d think a large number of users would not wish to utilize this functionality.
I was giving you an option that you can do today, if you wish. Feel free to wait until the Devon crew implements your requests.
Also, SSL is encryption so I’m not entirely sure what you mean by you’d rather have encryption than SSL.
padillac…i do appreciate your input, that’s just way more a complicated solution than I’m looking for.
Re encryption versus SSL, I’m referring to something like what 1Password uses when they transmit their data to the remote device. Here’s what they do:
from their website:
The iPhone application does not have any access to the master password on the desktop so when you setup the iPhone application it creates 2 new encryption keys for performing AES CBC encryption. One key is used for items protected with the unlock PIN code and the other key is used for items protected by the master password.
The encryption keys are sent to the desktop application (securely as well) and the desktop application uses these keys to encrypt and decrypt information exchanged with iPhone. The authorization phase uses 2 randomly generated secrets to ensure your iPhone is communicating with the correct machine and to protect the encryption keys.
For additional protection, all communication between the iPhone and desktop app is encrypted.
In short, 1Password Wi-Fi syncing is very secure and protects against sniffers and man-in-the-middle attacks. It can even be used for syncing on public unprotected Wi-Fi networks.
1Password is doing essentially the same thing that SSL does, it’s just doing the authentication and encryption internally rather than relying on an external protocol. That allows it to remain secure in situations where SSL isn’t available.
DT is in the opposite situation: it provides no encryption of its own, but runs in an environment (Mac OS X) where such tools are readily available.