
General advice/guidance needed with a databases/SSL problem

Hi

 

I've hit a problem that I'd like some advice with, please, and I'd like to see how others might deal with it.

 

I've got a database hosted by GoDaddy that an Android app accesses. The domain that hosts the PHP pages that access the database doesn't have an SSL certificate so the data sent to and from the app is not secure. No personal data of any sort is sent between the app and the domain/database but because it's un-secure I'm guessing it's easy for a person to hijack the data in the middle and change the values before they are updated in the database or the app.

 

I purchased a GoDaddy SSL but couldn't get it to work with the app (it worked when accessing the domain via a browser) so cancelled it and got the money refunded. I've found using another hosting provider that the app works with a LetsEncrypt certificate but the problem with the new hosting provider is that the database is new so has no data. I could copy the tables over from the GoDaddy one to the new host but old versions of the app will be accessing the GoDaddy one and the new versions of the app will be accessing the new host database so the two would end up so far out of sync that it would cause more problems.

 

I contacted GoDaddy to see if I could start a new hosting plan on my account and access the database that's on my current hosting plan and they said that I can't. If I could, I would have purchased a new hosting plan with them, set up a LetsEncrypt certificate (I can't do this on my current hosting plan as I don't have access to cPanel) and continued to access the old database.

 

I can only see that I have a few options:

 

1. I continue using an unsecured domain but add some checksums to the data that gets sent back and forth to make sure it's not been tampered with.

2. I create a new version of the app, with a totally new app store listing page and package name, and get users to start again. This new version would access the new databases with a secure connection (really not keen on this idea).

3. Have the app access both databases but update the new one. This will cause problems because the two databases won't ever be in sync and I will still be sending unsecure data to and from the app when it accesses the old database so pointless having the new secure one.

 

Is there any other option I haven't thought about? What would you do? Would you go with the checksum option? It seems like the easiest option, although I'd have to find a decent checksum algorithm to use.

 

Any help or assistance would be greatly appreciated.

 

Thanks

 

Kevin
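
On option 1 above, as an added example that is not part of the original post: anyone who alters the data in transit can also recompute a plain checksum, so this sketch uses a keyed HMAC-SHA256 over the body, a timestamp and a nonce, verified on the PHP side. The key, field names and payload are constructed assumptions; a key shipped inside an app can be recovered from it, so this narrows on-path tampering but does not replace TLS and gives no confidentiality.

```php
<?php
declare(strict_types=1);

// Assumption: the same secret is embedded in the app and stored on the server.
const SHARED_KEY = 'constructed-demo-key';
const MAX_SKEW_SECONDS = 300; // reject requests older or newer than 5 minutes

// App side (shown in PHP for symmetry): MAC over body, timestamp and nonce.
function sign_request(string $body, int $timestamp, string $nonce, string $key): string
{
    // Length-prefix the body so field boundaries cannot be shifted.
    $message = strlen($body) . ':' . $body . '|' . $timestamp . '|' . $nonce;
    return hash_hmac('sha256', $message, $key);
}

// Server side: returns 'ok', 'stale', 'bad-mac' or 'replay'.
function verify_request(string $body, int $timestamp, string $nonce, string $mac,
                        string $key, int $now, array &$seenNonces): string
{
    if (abs($now - $timestamp) > MAX_SKEW_SECONDS) {
        return 'stale';
    }
    $expected = sign_request($body, $timestamp, $nonce, $key);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return 'bad-mac';
    }
    if (isset($seenNonces[$nonce])) {    // in production: a table with expiry
        return 'replay';
    }
    $seenNonces[$nonce] = $timestamp;
    return 'ok';
}

// Constructed sample request.
$now   = 1700000000;
$body  = json_encode(['item_id' => 42, 'value' => 120]);
$nonce = bin2hex(random_bytes(16));
$mac   = sign_request($body, $now, $nonce, SHARED_KEY);
$seen  = [];

echo 'genuine:  ', verify_request($body, $now, $nonce, $mac, SHARED_KEY, $now + 5, $seen), "\n";

// Body changed in transit: a CRC can be recomputed by anyone, the HMAC cannot.
$tampered = str_replace('120', '999', $body);
echo 'crc32b of tampered body (no key needed): ', hash('crc32b', $tampered), "\n";
echo 'tampered: ', verify_request($tampered, $now, $nonce, $mac, SHARED_KEY, $now + 5, $seen), "\n";

// Same valid request sent twice, then an old capture sent much later.
echo 'replayed: ', verify_request($body, $now, $nonce, $mac, SHARED_KEY, $now + 10, $seen), "\n";
echo 'late:     ', verify_request($body, $now, $nonce, $mac, SHARED_KEY, $now + 3600, $seen), "\n";
```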

 
