Suggestions for protecting Wappler development

Wappler

When deploying my Wappler app/site to a customer.
I currently have all the Wappler source files on their IIS Web Server in the c:/inetpub/wwwroot/myapp/ folder as it connects to a MS SQL Server on their LAN which cannot be accessed directly from an external IP.

I am trying to work out whether its possible to host the server connect .asp files and as many Wappler core files on one of my web servers. So all the data connections work from their web server, but difficult to copy onto another server.

Essentially I would like to protect all the hard work thats gone in to building the pages.

Thanks in advance.

You could create two Projects one for your data (API) hosted on domain #1 and the design in a second project hosted on domain #2. Domain #2 can connect to domain #1 for data retrieval just fine. The same principle for mobile and desktop applications is applied with Wappler. In domain #2 you will select your server actions from domain #1 via the drop down list of Projects. Only issue may be some messing around with CORS but nothing overly complicated about that side and has already been well documented here on the forums.

Thanks @Dave,
We have to develop locally using a copy of the SQL database as the production server is sitting behind a firewall with just an RDP connection to copy our files across. Its the API dmxconnect files we ideally need to host as the design can just be inspected/view source.

No problem just run two Projects as I mentioned. The data side can remain on your infrastructure and the design can connect to it.

2 Likes

A secure way to connect to remote isolated database is usually also done with SSH tunneling (not on Windows btw)

See the docs and case for connecting to a private instance of Amazon RDS:

Sorry if I sound stupid.

As their DB is behind a firewall. Won’t all the dmxAppConnect, dmxConnect, dmxConnections, dmxConnectLib files reside on their server?

or will <dmx-serverconnect id="serverconnect1" url="https://OurIP/OurServer/dmxConnect/api/ServerConnect.asp" site="OurServer"></dmx-serverconnect>

interpret the DB Connection in the Server Action as one of their IP’s even though the file is on our server?