2

We have an application (written in PHP) that fetches data from several remote Progress databases. The way it is working now, we ask our clients to open a port in their firewall to our IP, then we're able to run queries using ODBC connection from the PHP code.

The problem is that the data transferred over the internet is unencrypted.

We thought about two solutions but we've issues with both:

  1. Updating Progress DB to use SSL. Problem: this requires our clients to change the way they connect with other vendors to have them all using the SSL.

  2. Creating a VPN connection between us and the clients. Problem: we have many clients and the IPs/subnets may be overlapping.

What else can we do to have the data transferred to us encrypted?

Thanks.

Tom Bascom
  • 13,405
  • 2
  • 27
  • 33
David
  • 2,528
  • 1
  • 23
  • 29
  • What odbc-driver do you use from your php application? The odbc-driver I've been working with have an option to configure encryption of the data. – erg Oct 15 '15 at 06:40
  • I use "Progress OpenEdge 10.2B Driver'. I have an option in the security tab of "SSL", however, as I mentioned in #1, they have to install it on their Progress DB servers and it requires all other connections to that DB to be SSL. – David Oct 15 '15 at 14:58

1 Answers1

2

Create an SSH tunnel between your systems - this'll allow them to work as they were, the comms will be encrypted, as long as the client systems support SSH connections.

https://en.wikipedia.org/wiki/Tunneling_protocol

This document looks fairly complete: https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-tunneling-on-a-vps

You can find a windows version of Open SSH here: http://www.mls-software.com/opensshd.html

Tim Kuehn
  • 3,201
  • 1
  • 17
  • 23
  • Thank you for the suggestion. Our clients ProgressDB servers are Windows server. I just suggested this to our IT guy, he said that SSH is a linux thing, and although there are options to install SSH on Windows, It’s very cumbersome to set up, maintain and it breaks all the time under Windows. (personally I don't have experience with SSH on Windows, only on Linux). – David Oct 15 '15 at 14:51
  • 1
    SSH is a protocol and it is not OS dependent, it just happens that Linux has a pretty solid implementation. If your IT guy's had problems with SSH on Windows in the past, I submit it was the application software he was using. I've added a reference to a windows implementation I found that looked pretty solid, or you could research some commercial Windows SSH offerings. – Tim Kuehn Oct 15 '15 at 15:04
  • 2
    Your IT guy needs to get out more. – Tom Bascom Oct 15 '15 at 19:33