NetTalk Central

Author Topic: Advice please - one server handling: Local C8 apps AND Intranet AND Internet  (Read 4114 times)

Jeff Martens

Your suggestions on the practicalities and wisdom of this proposal will be welcomed.

Using:
- Clarion 8 for local apps
- the latest NetTalk Webserver e.g. 7.18 producing the web interface for the Intranet AND the Internet

For a small business with a low transaction volume, the server:
- hosts all Clarion TPS data
- is connected to the in-house network
- AND runs the NetTalk Webserver
- AND is connected to the internet.

In-house:
- Some users run Clarion 8 apps over the intranet.
- Some users on the intranet access the data using the NetTalk web pages

From outside:
- Two users might use Remote Desktop to run Clarion 8 apps in or out of business hours.
- Travelling sales staff will use NetTalk web pages over the internet for queries and ordering
- Internet sales to the general public AND account customers will use NetTalk web pages
- phone sales as usual

Both:
- we can expect desktop computers, laptops, tablets and PDAs to be used by both staff and customers
- in-house we could expect WiFi to be used for some devices
- from outside we could expect internet users coming in over landlines or the phone system.

Next:
- some travelling sales staff wonder about using their PDAs' barcode scanning abilities to speed up order entry when they are on-site

Other:
- as usual, there will be interfacing with MSOffice and PDFs and Email, both from in-house and outside.

Thanks in advance for your comments.

---


Bruce

It's all good, but I'd recommend strongly considering SQL as the data store instead of TPS.
You don't need to do anything fancy SQL-wise, but it seems to me that, especially with the wifi, using TPS might be prone to problems.
(Using SQL can sound a lot more daunting than it actually is - as long as you're using FM3 it's really easy. Ask if you need more advice on this.)

But the overall strategy sounds fine.

Cheers
Bruce

Jeff Martens

Bruce,

Thanks for the reassurance.


In the past (before the upsurge of device portability and Wifi) I dabbled with several of the free brands of SQL (MySQL, Pervasive, Firebird, MS Express), but returned to TPS for simplicity.

What SQL brands seem to be currently preferred by users of Clarion and NetTalk Webserver?


Thanks.
---




rjolda

Jeff,
Have done this for a long time.  Have a server with local C8 apps which we run for our customers to provide them their data from internet sites.  One TPS data set.  Their admins and clients work with the data through NetTalk Apps.  Works like a charm!  They work on computer, tablet or mobile phone - no problems!
FWIW,
Ron Jolda

Jeff Martens

Ron,

Good to hear from you and good to hear about your good experience.

If your server is open to the internet, and to the intranet, how are you protecting it?
and - are you still using Port 88?


Thanks.

---

Bruce

>> What SQL brands seem to be currently preferred by users of Clarion and NetTalk Webserver?

It's more of a Clarion question, in the sense that any SQL is fine - but personally we use MsSql. I've heard good things about Firebird and PostGres as well. If you're unfamiliar with SQL then I recommend investing some hours to watch some ClarionLive sessions on SQL - especially a series Mike Hanson, JP and I did starting in May of 2012.

Or just read the FM3 docs.

>> If your server is open to the internet, and to the intranet, how are you protecting it?

Servers are not "open to the internet" - what's actually happening is a lot narrower than that. Basically you open a single port on your incoming ADSL router (or whatever) and only traffic coming in through that port is accepted. That traffic in turn is forwarded to your NetTalk server.

It's worth understanding that the server can only be "told to do" what the server is programmed to do (*). So, I'm assuming you haven't hand-coded a method to format the hard-disk in the app, and so the server simply cannot do that. Incoming requests are processed by the server, not by the OS or something like that - you can't just pass random commands through.

The server itself obviously takes precautions to prevent it doing something unintended. Security is a process, not an event, so it's something that gets tweaked from time to time, and as best practices emerge they are included underneath for you. This is one of the reasons I recommend always staying reasonably up-to-date with the NetTalk server itself.

(*) One very common attack approach is to provide the server with something that does make it crash, and then by using some exceptionally clever assembler - inject some code at that point. I'm not aware though of any successful attack of this nature against a NetTalk server - if only because the effort involved is substantial, and NetTalk servers are comparatively unknown.

cheers
Bruce

« Last Edit: August 11, 2013, 04:35:59 AM by Bruce »

Rene Simons

Hi,

The closest an application of mine has come to an attack is that "they" tried to open a phpAdmin.php page. Which wasn't there obviously. My app uses tps files. Therefore my phpAdmin.php page (if there is any) will never be in my web folder.

Sql insertion is on my to-do list however.

Rene Simons
NT14.14

Bruce

>>  "they" tried to open a phpAdmin.php page

If you start logging the incoming requests, and looking through them, you'll see all kinds of malicious requests. This is nothing new, it's been going on since we got our first permanent internet connection, and we hosted our own server (on a 64K diginet line <g>).

It's nothing personal - a vulnerability is found in say PHP, or Apache, or IIS, or Wordpress or whatever, and so a program is written to continually scan IP addresses just trying the vulnerability. There are lots, and lots, of these scripts running. Of course most of the time they fail, regardless of server, but every so often they come across a machine they're looking for, so they mark that machine for attention (and move on.)

One advantage to being a very rare server (like NetTalk) is that there's basically no point trying to target NetTalk servers in this way. The effort is the same for say IIS, and the reward millions of times higher.

>> Sql insertion is on my to-do list however.

Assuming you are using NetTalk, and Clarion file drivers (and either no prop:sql, or only very careful prop:sql) then you are immune to Sql Injection. As far as I've been able to determine Sql Injection via the Clarion drivers is not possible - because of the way the drivers work.

As an aside - although it's not really visible, there's a lot of work that goes on in NetTalk to ensure that the level of security remains as high as it can be. NetTalk servers, by different developers, have been formally tested by external testing houses and from those reports we tweak and touch until each time it passes with a 100% score.

Cheers
Bruce
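
The advice in the post above, to log incoming requests and look through them, can be automated. The following is an added example, not part of the original thread and not NetTalk code: it picks out requests for technologies the server does not run (such as the phpAdmin.php probe mentioned earlier) and groups them by client. The Common Log Format, the pattern list and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: requests are logged in Common Log Format; adapt LINE_RE to
# whatever format your own server log actually uses.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Technologies this server does not host: a request for one of them can only
# come from a blind scanner. Illustrative list, not exhaustive.
FOREIGN_PATTERNS = {
    "php": re.compile(r"\.php(\?|$|/)", re.I),
    "wordpress": re.compile(r"/wp-(login|admin|content|includes)", re.I),
    "asp/iis": re.compile(r"\.(asp|aspx)(\?|$)", re.I),
    "cgi": re.compile(r"/cgi-bin/", re.I),
}

def classify(path):
    """Names of the foreign technologies a request path is probing for."""
    return [name for name, rx in FOREIGN_PATTERNS.items() if rx.search(path)]

def summarize(lines):
    """Per-client probe counts, only for clients that sent at least one probe."""
    stats = defaultdict(lambda: {"probes": 0, "total": 0, "families": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not guessed at
        entry = stats[m["ip"]]
        entry["total"] += 1
        families = classify(m["path"])
        if families:
            entry["probes"] += 1
            entry["families"].update(families)
    return {ip: e for ip, e in stats.items() if e["probes"]}

# Constructed sample lines (documentation IP ranges, invented paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Aug/2013:04:01:10 +0000] "GET /phpAdmin.php HTTP/1.1" 404 0',
    '203.0.113.7 - - [11/Aug/2013:04:01:11 +0000] "GET /wp-login.php HTTP/1.1" 404 0',
    '198.51.100.23 - - [11/Aug/2013:04:02:00 +0000] "GET /index.htm HTTP/1.1" 200 5120',
    '198.51.100.23 - - [11/Aug/2013:04:02:09 +0000] "POST /OrderForm HTTP/1.1" 200 812',
    '192.0.2.44 - - [11/Aug/2013:04:03:30 +0000] "GET /cgi-bin/test.cgi HTTP/1.0" 404 0',
    'not a log line',
]

if __name__ == "__main__":
    for ip, e in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, e["probes"], "of", e["total"], sorted(e["families"]))
```
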