I've just installed MySQL with phpmyadmin on my VPS via ssh protocol, and I've created root account with all privileges. I figured out how to connect with my databases via C# using MySQL 5.5v. for .Net 2.0 - the only version acceptable for Unity3D. And I have a few questions about it. I don't know is it right to connect to database on client side with root account, i mean something like that: Server=***;Database=Users;Uid=root;Pwd=***;
and then type query: SELECT * FROM Users where .... i think its unsafe way. How can I connect do it in more safety way? Without giving Password to Root account in C# code, maybe create another account without modify permissions?
It's not a good idea to connect to the database from the client(Unity), if this app will be released anywhere on the internet. The way to do this to use POST or GET method with the help of the WWW class, to send and receive information your server.
Your server should be coded with php,perl, c++ or whatever language you prefer.It will read data you send from Unity, then retrieve information from database and send it back to the client(Unity). Again, the whole database connection should be done on the server not on the client side.
One exception to this is when your app will only be used in your company office. As long as it will be made available for others to download, it is not secure if you hard-code the login information or even allow direct connect to the database from the client side. There are many examples on Unity wiki website.
Related
I am a programmer enthusiast who recently made his first C# and an Android Studio client that uses an “Microsoft SQL Server Management Studio v18.8” database with multiple tables.
Before doing this I had no knowing in SQL programming. My goal is to give the C# client to multiple users and with the Android Studio to verify a final table instruction ( Everything works fine if the devices are in the same network area. example. C# and Android app connected on the same Wi-Fi )
If I switch off the wi-fi on my cellphone and connect it to mobile network I cannot access the database anymore. Upon searching for more information I found out that I need to configure my router for IP-Forwarding with the PORT which is configured in the SQL Server Configuration Manager. ( I edited the exception rules in Firewall setting to allow connections for that port ) Since I am new, my questions are:
Is IP-Forwarding a viable solution for accessing remotely over the internet? Upon searching I understood that it isn’t and my confusion is “How does somebody else access an SQL database remotely ( over the internet ) ?”
Moreover, is accessing remotely over the internet an SQL db viable? If not, what would be the correct approach for a client to INSERT/SELECT something in a SQL server which is located on another network that has an open connection with the internet?
On both clients the string connection is made by giving the server’s IP / PORT, database and Login Credentials. Is there a way to hard code the Password Credential? So that it won’t be a string variable, vulnerable to hacking?
For me is a challenge and I find it fascinating how fun is to manipulate the SQL data and the fact that it works is super impressive.
My 4th question will be off topic, but learning/writing the programs I start thinking: Is an API and an SQL database related somehow? Or at least they work on the same principle?( I have no deep knowledge of what an API is, just basic understanding ) Is this what back-end programming means?
I have some Databases built in Access and I want to be able to view and edit them when I'm not connected to a local server\network.
How can I access with C# to view and edit the Access databases placed on a server without VPN or SMB (which means creating local network). Is it possible to edit it realtime on the server?
This needs to be accessed by more than one people, thus I also want for example block a table if one's already editing it (so here also goes the FTP protocol - to download and edit on the PC and reupload)
I hope I was clear enough and provided enough info, thanks for all helpers!! Enlighten me please :)
We would first have to ask how end users going to run and use the C# program?
Desktop: users would need a network connection to the server. (most likly a VPN).
Web based: users would need a network connection to the WEB SERVER. This could also be a VPN, or could be a web server that is public facing. this would then require logons for security.
If users don't have a network connection, then it not going to matter if this is oracle, MySQL, SQL server or Access. And in fact, if this is web based, then users need to be able to connect to that web server.
So, without some kind of network connection to that server or computer where the data resides, and you eliminated a VPN, then your options are limited.
You can build a web site and place it on a server. However, if users don't have any kind of network connection even in the case of a web site, then I fail to see how you can even suggest using FTP let alone any other kind of connection.
This needs to be accessed by more than one people,
Ok, you need multi-user. However the locking up a whole table on sql server to allow only one user is actually quite difficult.
But, we can leave that you want one user in a given table at one time. (but both Access and a web site would in fact allow multiple users - even editing the same table).
All in all?
Then this suggests the most obvious solution: run a web server, and that would allow any user to connect to the web site, and the web site then can read/talk/use the access database that resides on that server. And this then again means that you don't need any client software installed.
FTP is not a practial solution - since it only works on a whole file.
So, users will require some means to connect to some server. That being the case, then write your C# appliation as web based, and thus no client software will be required, and the only software that interacts with the access file on that server will be the web site.
So, running a web site on that server does seem to be the best option.
So, we heading towards a web solution.
So then software would stay and run 100% on the server side, and thus zero client software would be required other then that of a browser.
I developed a simple Python web server to work with the Access DB via HTTP:
https://github.com/vikilpet/MS-Access-HTTP-Server
Probably this is not an ideal solution for your case but it may be a good starting point.
Normally when we connect to a database, we will select the database driver
type, server name, uid, password and database name. (like ms
sql server ). Is it possible my c# windows form app
auto detect available database connections?
Maybe the ms sql server database is store on the same PC where I
am running the app.
It is like the app can know there is a ms sql server
database and try to connect to the database.
I will aprreciate if you can please provide some example code
Thanks
The SqlDataSourceEnumerator API may be what you are looking for, however I rarely see it used - in part because not everyone wants their servers discoverable, so they turn this feature off. Additionally, even if you can find the servers, it certainly won't tell you the credentials - you need to know those yourself (or use trusted auth).
But in almost all cases (unless you're writing a database utility like SSMS): your user should already know which source they need to connect to (even if that is just a magic opaque string that the admins give them).
For more info, see MSDN which has a full example.
I'm not sure if this is the right place for this question, but here goes......I have a website that was developed in PHP using MYSQL. Now, I am wanting to write an application in Visual C# which accesses the MYSQL database, and returns data from that database to the application. I attempted this, and received the error "(xx.xxx.xxx.xx) is not allowed to connect to this MYSQL server". After some research, I found that there was a way to turn this off on the server by IP address. However, this application would eventually be distributed to other people and PC's, so I don't think this is a permanent solution. I think I could open the MYSQL database to the world, but I'm hoping for some way that I can connect to MYSQL and tell the server that I am coming from the hello world application only. Does anyone know if this is possible from Visual C# and MYSQL, or know of a secure way to connect to a remote website MYSQL database using an application that can have a dynamic IP address?
Thanks in advance!
Ramhound is right in that you need to reconfigure your server if you want to do anything like this, but if you want to connect to the server directly from the client applications, your client would need to have the password for your Mysql which is not ideal..
Instead you should set up a webservice on your database server, and use that to sent/receive data to and from the clients.
How can I make a program use a SQL Server database, and have that program work on whatever computer it's installed on.
If you've been following my string of questions today, you'd know that I'm making an open source and free Help Desk suite for small and medium businesses.
The client application.
The client application is a Windows Forms app. On installation and first launch on every client machine, it'll ask for the address of the main Help Desk server.
The server.
Here I plan to handle all incoming help requests, show them to the IT guys, and provide WCF services for the Client application to consume.
My dilemma lies in that, I know how to make the program run on my local machine; but I'm really stumped on how to make this work for everyone who wants to download and install the server bit on their Windows Server.
Would I have to make an SQL Script and have it run on the MS SQL server when a user wants to install the 'server' application?
Many thanks to all for your valuable time and effort to teach me. It's really really appreciated. :)
Edit:
To clarify, each business will have their server completely separate from me. I will have no access whatsoever to them nor will they be in any way connected to me. (I don't know why I should clarify this :P )
So, assuming the have ABSOLUTELY NO DATABASE SERVER installed; what can I do?
Ok, part of the answer, dealing with the SQL Server Database (and frankly SQL Server Express will take you a long way - 4Gb of data) and the server install elements.
Firstly make installation of the SQL an SEP, make it a pre-requisite possibly tweak your installers to test (challenging) but substantially point them at the links to SQL Server express and let them get on with it).
Secondly separate installers, as suggested, for your client and your server elements.
Finally, how to build the database - I'd suggest using code to create and maintain (update) the schema i.e. once you have a connection to a server you can run code that calls DDL that does what is necessary (something like suggested here: How to create "embedded" SQL 2008 database file if it doesn't exist?)
A question - are you intending all communications from the clients to go through you WCF service?
Your install application should:
Obtain a SQL Server name, a username (with apprpriate rights to create a database) and password.
Either run SQL scripts using the locally installed command line tool or from code using SMO (for instance), against the user supplied server with the supplied credentials.
BTW, Before you expend effort writing an open-source help desk, have you checked what is already available? Also, Open Source Helpdesk
It is not so straightforward to deploy a client/server solution with an automatic installation.
You probably would then be better off to deploy your server installation together with a database engine and a skeleton database already setup according to your wishes. This is to avoid tampering too much with the existing server - who knows whats on it.
Also you say you want to install WCF services, well this would probably mean installing them on a customer server, in theory this shouldn't be a problem however in reality it could be, depending on what is previously on the server.
Do you want a single SQL Server instance running on your machine, or one on each of your customers' servers? If it's the latter, you'll want to install a SQL Server instance - anything from the (free, but limited and not open-source) SQL Server Express to a more expensive SKU - on each server. You can include this step in your server installation package; MSI installs make it very easy to bundle a MSSQL install.
Then you'll need to drop a schema, and maybe data, on the instance. You could do this as a step in your installer, or as part of your application setup process. It possible that a SQL Server instance, or more than one, might already be installed on the server, and your post-install step should allow the user to specify which instance on which to install your pieces.
Then, include a database configuration piece in your client application. Ask the user - or take from a configuration file at client install time, to allow for unattended or unprompted client installs - server connection details, like server name and authentication information.
A word on authentication - since you appear to be building Windows-based tools, use Windows integrated (domain-managed) authentication if at all possible. Don't get in the business of storing logins, but instead rely on the existing domain to manage logins. A good strategy is to use active directory groups to manage access. Grant access to a particular group in SQL Server, and defer group membership to Active Directory itself. If you can't gain the access necessary to do this, then grant permissions to AD user accounts themselves. Avoid creating SQL Server logins, the use of which open the door to some possible security problems.
I understand what you are trying to do. If I were you, I'd do the following:
Provide 2 downloads - 1 for client and 1 for server.
Forget about MS SQL Server and perhaps go with MySQL, since it really is open source. You could probably get away with using MS SQL Server Express Edition, but if your data set gets gigantic large (which is common with help desk databases), you'd be stuck.
As other people pointed out, on very first run (or at setup time), I'd have the client app locate the server.