SSL Requirements for InstaTech

Occasionally, I run into this situation: Someone wants to install InstaTech Server to evaluate it, but they get stuck at the SSL certificate installation part. InstaTech currently enforces SSL, so the certificate installation is necessary. I’m happy to help people get a free Let’s Encrypt certificate installed, but it’s not always possible.

I made encryption mandatory because I didn’t want to put anything out there that had any potential for being used in an unsafe manner. My thought is that someone who is less informed about the importance of encryption may opt to skip it if allowed and put themselves and their customers at risk.

I attempted to make this as easy as possible, though. After running the installer, a quick start guide opens, and the first thing is a link to http://certify.webprofusion.com/.  This is by far the easiest way to get a certificate installed on an IIS server, in my opinion.

But recently, I’ve been thinking about those who are aware of the security implications, but simply want to test it internally first.

The first idea I had was to allow an unencrypted connection, but throw up huge warning messages. The second was to only allow it if it’s on the same subnet or domain (or some other manner of determining if it’s on the LAN).

What are your thoughts? I’d love to hear them.

Inside StorageLists

When I began writing the back end for After, I started with Entity Framework/SQL Server.  I wanted to use the opportunity to teach myself the Code-First approach, as I’ve previously only done Database-First.

I really enjoyed working with Code-First, and it was a worthwhile investment of time.  However, I soon found that  SQL Server isn’t well-equipped to handle multiple persistent connections that need to share a static context.  (Please refrain from saying, “Duh, I could have told you that!”  :D)

Instead of searching for something else, I decided to get creative and write my own.  I already had my data modeled in such a way that I could reference everything by ID/PK, and I liked how Code-First used the DbContext class and DbSets.  So I put those concepts into StorageLists.

The StorageList is basically a List<> that writes items to disk after a set period of time of not being accessed.  This timeout can be adjusted, but the default is 3 minutes.  Also, the item must pass the PersistenceFilter, if specified, or else is held in memory and never written to disk.  Items written to disk are serialized to JSON.

Your models for each StorageList must implement IStorageItem, which adds the StorageID property and LastAccessed.

Here’s the example use that’s in the readme: