Normally when we connect to a database, we will select the database driver
type, server name, uid, password and database name. (like ms
sql server ). Is it possible my c# windows form app
auto detect available database connections?
Maybe the ms sql server database is store on the same PC where I
am running the app.
It is like the app can know there is a ms sql server
database and try to connect to the database.
I will aprreciate if you can please provide some example code
Thanks
The SqlDataSourceEnumerator API may be what you are looking for, however I rarely see it used - in part because not everyone wants their servers discoverable, so they turn this feature off. Additionally, even if you can find the servers, it certainly won't tell you the credentials - you need to know those yourself (or use trusted auth).
But in almost all cases (unless you're writing a database utility like SSMS): your user should already know which source they need to connect to (even if that is just a magic opaque string that the admins give them).
For more info, see MSDN which has a full example.
Related
I've just installed MySQL with phpmyadmin on my VPS via ssh protocol, and I've created root account with all privileges. I figured out how to connect with my databases via C# using MySQL 5.5v. for .Net 2.0 - the only version acceptable for Unity3D. And I have a few questions about it. I don't know is it right to connect to database on client side with root account, i mean something like that: Server=***;Database=Users;Uid=root;Pwd=***;
and then type query: SELECT * FROM Users where .... i think its unsafe way. How can I connect do it in more safety way? Without giving Password to Root account in C# code, maybe create another account without modify permissions?
It's not a good idea to connect to the database from the client(Unity), if this app will be released anywhere on the internet. The way to do this to use POST or GET method with the help of the WWW class, to send and receive information your server.
Your server should be coded with php,perl, c++ or whatever language you prefer.It will read data you send from Unity, then retrieve information from database and send it back to the client(Unity). Again, the whole database connection should be done on the server not on the client side.
One exception to this is when your app will only be used in your company office. As long as it will be made available for others to download, it is not secure if you hard-code the login information or even allow direct connect to the database from the client side. There are many examples on Unity wiki website.
I want to build a simple database program in C# to add,update and remove information.
The program should be on shared network between 3-5 computers and each could add his information in the same time.
I searched and found that SQLite isn't good for that, and don't know what will be.
I'm looking for some simple database, not something that I should install in each PC to support it.
There isn't an access to the internet, its blocked except a few websites so its not possible to use MSSQL or mySQL.
Thank you.
The fact that the users don't have access to the internet doesn't mean that you can't use MySQL or MS SQL Server. You can install MySQL on one of the computers (the one that will play the server role) and have all the other computers connect to the MySQL instance installed on the local server since you say that they will be on an internal network.
As far as Databases go, there are plenty you can use: MySQL, SQL Server, PostgreSQL, etc... Just don't use MsAccess. ;)
I'm a dektop developer and don't know much about how webhosting work... So please help me here.
currently my app works with MSSQL database which is installed locally on the same machine.
Now I need to go wider and let multiple apps work with the same database over the Internet.
I have a webhosting with CPanel in it and MySQL database.
Please tell me how I can access tables in that MySQL database from my another computers?
Select and update records in that table. Do I have to implement some functionality using PHP to make such requests?
Please advise..
Exporting raw MS-SQL dumps will probably not work if you try to import into mySQL because there are some differences in syntax. There are commercial programs available that will help you migrate data, otherwise it might be better to code a PHP program to export from MSSQL to mySQL.
But your question sounds more like you're asking how to access databases remotely.
.
PHP can do this natively. When you create your link to the database you specify the host. For example: $databaseConnection = new mysqli('username','password','host_ip_address');
If you're coming from MSSQL you may hit some snares.
To allow remote connections on MS-SQL you use the "surface area" configuration tool. You'll probably find that your mySQL database server is already configured to allow remote connections, if not you'll have to take that up with your host (sounds like you don't have your own box).
The next trick is to remember that usernames in mySQL look like this: 'user'#'host'.
cPanel hosting usually has PHPmyAdmin installed. Open it up and look at the user table in the mysql database (the actual database named mysql running on the MySQL server).
You'll see a host column. So if your 'root' user is only set to 'localhost' you won't be able to login as that user from another machine. The wildcard symbol is %. You can read this up here - http://dev.mysql.com/doc/refman/5.5/en/adding-users.html
Of course the same rules apply to mySQL when it comes to users. Don't use your root account to access sub-databases, rather assign new users which only have the required permissions. Also consider using non-predictable usernames. That doesn't really answer your question (sorry) but it's worth mentioning while you're looking at the user table.
So to finally answer your question:
1) login to cPanel and create your database 'foo'
2) Run SQL command:
GRANT ALL PRIVILEGES ON foo.* TO 'secretuser'#'%' IDENTIFIED BY 'longpassword'
Then PHP code would look something like this:
$host = 'ipaddress or hostname';
$mysqli = new mysqli('secretuser','longpassword',$host,'foo');
// look in php.net for error handling
$query = "SELECT * FROM tablename LIMIT 0,10";
$result = $mysqli->query($query);
The reason I put a limit there is because you're probably used to "SELECT TOP 10"
You would have to export the data on your computer into a raw SQL file, and then using a the PHPMyAdmin control panel you could import it. Assuming you are also using PHPMyAdmin on your own machine there is an 'Export' tab along the top. If you click on that you will have the option to export all your tables to a .sql file.
From there you then need to access PHPMyAdmin via CPanel. Once in you can then hit the 'Import' tab and upload your file to get all the data into the database. To interact with the database online you would need to use the inbuilt functions in PHP - the MySQL Reference on PHP.net is very useful. you would then be able to access the database from any computer using the PHPMyAdmin control panel.
How can I make a program use a SQL Server database, and have that program work on whatever computer it's installed on.
If you've been following my string of questions today, you'd know that I'm making an open source and free Help Desk suite for small and medium businesses.
The client application.
The client application is a Windows Forms app. On installation and first launch on every client machine, it'll ask for the address of the main Help Desk server.
The server.
Here I plan to handle all incoming help requests, show them to the IT guys, and provide WCF services for the Client application to consume.
My dilemma lies in that, I know how to make the program run on my local machine; but I'm really stumped on how to make this work for everyone who wants to download and install the server bit on their Windows Server.
Would I have to make an SQL Script and have it run on the MS SQL server when a user wants to install the 'server' application?
Many thanks to all for your valuable time and effort to teach me. It's really really appreciated. :)
Edit:
To clarify, each business will have their server completely separate from me. I will have no access whatsoever to them nor will they be in any way connected to me. (I don't know why I should clarify this :P )
So, assuming the have ABSOLUTELY NO DATABASE SERVER installed; what can I do?
Ok, part of the answer, dealing with the SQL Server Database (and frankly SQL Server Express will take you a long way - 4Gb of data) and the server install elements.
Firstly make installation of the SQL an SEP, make it a pre-requisite possibly tweak your installers to test (challenging) but substantially point them at the links to SQL Server express and let them get on with it).
Secondly separate installers, as suggested, for your client and your server elements.
Finally, how to build the database - I'd suggest using code to create and maintain (update) the schema i.e. once you have a connection to a server you can run code that calls DDL that does what is necessary (something like suggested here: How to create "embedded" SQL 2008 database file if it doesn't exist?)
A question - are you intending all communications from the clients to go through you WCF service?
Your install application should:
Obtain a SQL Server name, a username (with apprpriate rights to create a database) and password.
Either run SQL scripts using the locally installed command line tool or from code using SMO (for instance), against the user supplied server with the supplied credentials.
BTW, Before you expend effort writing an open-source help desk, have you checked what is already available? Also, Open Source Helpdesk
It is not so straightforward to deploy a client/server solution with an automatic installation.
You probably would then be better off to deploy your server installation together with a database engine and a skeleton database already setup according to your wishes. This is to avoid tampering too much with the existing server - who knows whats on it.
Also you say you want to install WCF services, well this would probably mean installing them on a customer server, in theory this shouldn't be a problem however in reality it could be, depending on what is previously on the server.
Do you want a single SQL Server instance running on your machine, or one on each of your customers' servers? If it's the latter, you'll want to install a SQL Server instance - anything from the (free, but limited and not open-source) SQL Server Express to a more expensive SKU - on each server. You can include this step in your server installation package; MSI installs make it very easy to bundle a MSSQL install.
Then you'll need to drop a schema, and maybe data, on the instance. You could do this as a step in your installer, or as part of your application setup process. It possible that a SQL Server instance, or more than one, might already be installed on the server, and your post-install step should allow the user to specify which instance on which to install your pieces.
Then, include a database configuration piece in your client application. Ask the user - or take from a configuration file at client install time, to allow for unattended or unprompted client installs - server connection details, like server name and authentication information.
A word on authentication - since you appear to be building Windows-based tools, use Windows integrated (domain-managed) authentication if at all possible. Don't get in the business of storing logins, but instead rely on the existing domain to manage logins. A good strategy is to use active directory groups to manage access. Grant access to a particular group in SQL Server, and defer group membership to Active Directory itself. If you can't gain the access necessary to do this, then grant permissions to AD user accounts themselves. Avoid creating SQL Server logins, the use of which open the door to some possible security problems.
I understand what you are trying to do. If I were you, I'd do the following:
Provide 2 downloads - 1 for client and 1 for server.
Forget about MS SQL Server and perhaps go with MySQL, since it really is open source. You could probably get away with using MS SQL Server Express Edition, but if your data set gets gigantic large (which is common with help desk databases), you'd be stuck.
As other people pointed out, on very first run (or at setup time), I'd have the client app locate the server.
If a C# application connects to a mysql server from a client, how do I store the mysql username/password for the connection? If I have it in a config file or embedded in the source it can be found by reverse engineering. It is not possible to give all users a MySql password.
Also, I have a log in for the application. How do I enforce that the user goes through the login process and does not just reverse engineer and comment out the C# code verifying the log in?
Is there anyway manage these connections between MySql and a client side application or must there be a third program on the server side interacting with the database locally to be secure?
Perhaps you can have a two-stage system: Have a SQL account whose only permission is to execute a stored procedure taking the user's username and password and giving them the credentials to use for the real account. When the user logs in, you connect using the restricted account, get the credentials for the real account, and then do your work using that account. You can change the SQL password fairly frequently, too. If you suspect a user of foul play, have the procedure return them a different set of credentials, and track those credentials.
For Winform clients that connect directly to the db this is an age old (10 years or so?) question that may never be solved.
The problem is that no matter how you encrypt or obfuscate the connection string there will always be a point in time at which the string will be represented as plain text in the client computer's memory and therefore hackable.
You have been recommended options by other SOers, i just thought i'd point out what you're trying to work around.
Here is the problem. You are trusting the end user with the binaries which will call MySQL queries. This means, beyond any shadow of a doubt, that a clever user could "take control" and run queries directly.
There are things you can do to improve the situation. It sounds like you are on a LAN. Why can't you give each user their own database user? That means that the authentication is (a) taken care of for you, and (b) you can use "real" MySQL permissions to limit what harm they can do. Also, you could use stored procedures and give them only access to the procs, really limiting what they can do.
You could also consider re-writing as a web-application where you process everything on the server out of their reach.
However, is there really a problem here, or are you just being theoretical?