security

SlashDB Donates to OpenSSL Software Foundation

SlashDB Donates to OpenSSL Software Foundation

Today SlashDB (VT Enterprise LLC) mailed a check with the contribution of $2,304 to The OpenSSL Software Foundation. The funds were raised from our “I Heartbleed OpenSSL” t-shirt sale campaigns, which ran in April and May, contributing $2,048 and $256 dollars respectively.

Check for OpenSSL Foundation

Says Victor Olex, founder and CEO of VT Enterprise and SlashDB: “It is with great pleasure and a sense of obligation that we present OpenSSL with this donation. VT Enterprise is software consulting company and an independent software vendor. Our products, such as SlashDB often integrate with OpenSSL to provide encryption for web interfaces and APIs. We thank the Foundation for their stewardship and continued development of this important product.”

Just the same we thank everybody who purchased the t-shirts and hope that you enjoy wearing it! This donation would not have been possible without you.

I Heartbleed OpenSSL

I Heartbleed OpenSSL

heartbleed-t-shirtThe vulnerability in OpenSSL has shocked the Internet community and has reverberated up and down society layers worldwide.

UPDATE 25-Apr-2014: After our original campaign ended oversubscribed we got featured in the New York Times. Now, by popular demand we are relaunching the campaign for 200 more t-shirts.

Is Open Source Safe?

Can the free and open source be trusted? How come the bug could stay hidden for over two years? Was it introduced intentionally? Those are some of the questions many are asking, but are those fair questions?

Because the code for OpenSSL is publicly available along with its change history, anyone can track down the change to date and time it was introduced and to the individual who committed the code. Only those who do nothing do not make mistakes. It is easier to point fingers and assign the blame than it is to effect positive change.

On the other hand, the open source promise of achieving higher quality and security by having multiple pairs of eyeballs reviewing and scrutinizing the code has to be questioned.

In reality most of the open source users are takers. A very small percentage contribute anything and only a fraction of those will care to thoroughly review their (or others’) contributions in context of the overall code base. In OpenSSL’s case that’s over 450,000 lines of code. Corporate-sponsored open source projects tend to do a better job of providing direction for the project and vetting the contributions because their brand name is often on the line. Purely community-driven projects often lack any formal organization and see a lot of arguments over features, endless flame wars on mailing lists and unavoidable attrition of talent as they get frustrated and/or busy with their paid careers.

Get a T-Shirt, Help the Cause

Did you know that the OpenSSL Foundation is not even organized as a non-profit? No wonder they are said to only attract $2,000 a year in donations. They are also the stewards of largely invisible product, unlike say Mozilla, who makes a popular Firefox web browser, so most people simply never even heard of their mission.

Let’s help them out. We are hoping to send the foundation at least a $1,000 and we need your help. We have launched a T-shirt campaign at http://teespring.com/iheartbleedopenssl (or click the image above). Please participate and share the message.

SlashDB Adds Support for 3Scale API Management Service

SlashDB Adds Support for 3Scale API Management Service

powered-by-3scale-croppedWe are pleased to officially announce that we have added support for 3Scale API Management service in SlashDB.

Powerful Technology Combination

With /db‘s capability to generate API on the Fly™ directly from databases this level integration creates the most powerful combo to quickly and reliably launch, manage and safeguard REST/HTTP APIs. API metering, billing and developer portal management are only some of the features that 3Scale’s platform provides. But an API management service cannot build an API for you – that is what SlashDB does.

In the past this kind of integration required manual modifications to proxy configuration files, which although powerful can be cumbersome to do. Now, all that is required is to use 3Scale web-based GUI for proxy configuration to generate required files, which then can be simply uploaded to SlashDB. Of course, manual tweaking of the files is still possible so SlashDB clients get the best of both worlds so to speak.

API Keys

Related to 3Scale integration, added is the support for authentication with API keys. SlashDB has always allowed for stateless authentication using HTTP Basic Authentication but many developers are accustomed to the convention of an API key. SlashDB now supports both a singular API Key (user key) or a pair of Application ID and Application Key. The keys can be associated with SlashDB accounts (users), which in turn govern access to data resources and system features. For making API calls authentication keys can be provided as HTTP headers or in a URL query string.

Immediate Benefits

There is no faster way to an API than from one’s database and SlashDB excels at making the connection, thanks to these key features and benefits:

  • API on the Fly™ with multiple resource representations to suit every purpose
  • Data Discovery and search readiness to visually orient developer or analyst in data resources available
  • SQL Pass-thru to leverage the full power of database querying capabilities in API
  • Authentication, resource authorization and encryption to control who gets to see what
  • Leverages investments already made in databases for seamless integration with HTML5, mobile, NoSQL and Big Data analytics

Enterprises, web businesses, data vendors, data scientists, quantitative analysts, DBAs, mobile enterprise applications developers and other user groups all derive unique benefits from SlashDB.

How can /db upgrade your data infrastructure? Learn about solutions and try it risk-free on your databases.

/db ver. 0.5 is out; features security enhancements

SlashDB version 0.5 is out. We have focused on enhancements to user credentials, authorization schemes and added two ways for user authentication. In addition to security enhancements new features were added to URLs namely vectors, sorting and uniqueness. Finally, the user interface although not the most important aspect of the product has gotten a nice face lift too.