On Tue, 15 Jan 2013 14:16:55 +0100 "Pierre-Yves Bonnetain" <py.bonnetain@ba-consultants.fr> wrote:
> My BigDatabase has its login/password authentication process. Since my customers want to access the database through bad Internet, we set up an SSL/TLS frontend. Each customer has his own X509 certificate, with all proper bells and jingles in it. The frontend checks the certificate (CA sig, validity, revocation, etc.) and then, as it should, passes the unencrypted flow to the application.
Hi, I'm quite late to your help request but, here I go :)
Assuming the frontend that checks the certificate is stunnel (otherwise I couldn't understand your explanation here)... I think you are missing the point there.
Let me ask one thing. When you say you pass "the unencrypted flow to the application", do you mean you pass the flow to an unencrypted connection too? If so, it is a big mistake.
Anyway, I don't know how your scenario works, but in my head there is this one:
- app with database can't accept direct internet connections (important!!!!)
- stunnel needed in the client/user and in the server.
- user certificate created with password (so each time the user opens stunnel, Stunnel requests it to start)
- stunnel checks certificate against CA
- stunnel passes the flow to the app and this requests the user/password
Here you have a double identification check.
You have an encrypted connection where it is checked that there is a valid certificate and, therefore, a valid user; you also have an application that, after the certificate has been checked, checks for a user and password to be able to use it.
So, why do you need, or why are you seeking, a check of the certificate by the application?
Maybe I didn't explain before. The application can't accept a connection if there is not a valid connection with stunnel first, which requires a valid certificate. So, why insist on checking the certificate?
I had this kind of connection you are describing here with an HTTP server that requested a login too, and I had it as I explained. You can't log in to the HTTP server unless you have a valid certificate for stunnel to check.
The link between both is obvious, unless your neighbour has stolen your certificate, the password for your certificate and the password for the database app and he also uses the same client database app. (Not impossible but… well, you know)
I hope I cleared your doubts a little ;)
Regards.
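The two-stunnel setup sketched in the reply above (application bound to loopback only, client certificate checked against the CA on the server, passphrase-protected client key, server certificate checked on the client), written out as a pair of stunnel.conf fragments. This is an added illustration, not configuration from the thread; file paths, the hostname db.example.com and the ports 5432/5433 are placeholders, and the application port is whatever BigDatabase actually listens on.

```ini
; ---- server side: /etc/stunnel/db-frontend.conf (placeholder path) ----
; Runs on the same host as the database application. The application
; listens only on 127.0.0.1, so the TLS frontend is the only way in.
setuid = stunnel
setgid = stunnel
pid = /var/run/stunnel/db-frontend.pid
foreground = no
debug = 5
output = /var/log/stunnel/db-frontend.log
; refuse the legacy SSLv2/SSLv3 handshakes
options = NO_SSLv2
options = NO_SSLv3

[bigdatabase]
; public TLS port (placeholder)
accept = 0.0.0.0:5433
; the application, reachable on loopback only (placeholder port)
connect = 127.0.0.1:5432
; server certificate and private key
cert = /etc/stunnel/server.pem
; verify = 2: require a client certificate and check its chain
; against the customer CA in CAfile; no certificate, no connection
verify = 2
CAfile = /etc/stunnel/customer-ca.pem
; revocation: CRL of the customer CA, refreshed out of band
CRLfile = /etc/stunnel/customer-ca.crl

; ---- client side: stunnel.conf on the customer's machine ----
client = yes

[bigdatabase]
; the database client connects here, unencrypted but on loopback only
accept = 127.0.0.1:5432
; the TLS frontend (placeholder hostname and port)
connect = db.example.com:5433
; customer certificate plus passphrase-protected key: stunnel prompts
; for the passphrase each time it starts, as the reply describes
cert = customer.pem
; the client checks the server's certificate chain in turn
verify = 2
CAfile = server-ca.pem
```

The application still performs its own user/password login after stunnel hands it the plaintext stream, which is the "double identification check" the reply refers to.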