I asked a question today about dynamically changing a php config file for connecting to MySQL, and it was obvious it's a bad idea. But after searching the Play Store I found a MySQL client app where you can add connections after inputting the host,database, username and password, which makes me wonder how that app works. Does it not send a POST request with the database information to create a config file with whatever server side language they're using? If it does that then does that mean the app is not very secure? Or is it using another way to connect to the database?
Related
Be Clear: This question is not about password encryption/hashing to save into database.
I have developed a PHP application for a client. The application is installed on client machine with XAMPP (placed at htdocs/project_name). Client uses that application locally but the local database is synchronized with remote MYSQL database by Export Report button available on web interface.
My concern is when I store a connection string for remote database in my PHP code the username & password are visible to any guys who can hunt PHP script file and can see it. I don't even wish the client be able to view passwords used for remote connection/synchronization.
How can I achieve this?
You want to give user permission (login data) to connect to the
database but at the same time don't give him permission (login data).
The only thing that is on my mind to store login data corrupted,
and in code decrypt this data with some key hardcoded in the script. This is hackable,
but if the user is not programmed it is unlikely to do this
If you accept Kerckchoff's principle then it is impossible to provide an authentication which is available to a program run by a user without making that token available to the user. If you provided a better description of the problem, specifically the modes of operation you are trying to prevent then we might be able to provide effective solutions (e.g. encapsulating all data access in packages would restrict access to data for specific users).
I have simple Facebook app done right now (HTML+JS). User can just click and see some pages/products there but now I would like to add also form where they can leave their information (name + email). The app is currently hosted on my web partner server and I would like to still keep it there but where the information would be saved in future would be on different server. Now I'm worried about the security side. What is the best way to send the form data to another server php, process there and save it db? If this is even possible (should be). I'm more designer guy so I feel bit uncertain when comes PHP and personal information.
So make it short: Facebook app (HTML+JS) that is hosted on Server1. Server2 where I have database and where I would like to save the form data. Or would it be just easiest to move the whole app to server2 too?
You can use PHP on your first Server to write the data into your database on your second Server (using the correct connection). Then when you move your Website to the second server all your data will already be there and you wont need to move anything. If your second server is not yet available you can write the data to a database on your first server. Then when you want to move it to your second server you can export the database from your first server and import it on your second server. Then you will have to change your php to connect to the database on your second server.
I am developing an application that needs to send data to a server so that the server data can be outputted on a website table.
My question is how is it done? I already know how to create tables and whatnot, but when a user creates an account on the phone application, how is it going to appear on the table on phpmyadmin?
# Zarathuztra convenient phpmyadmin is a tool to manage MySQL databases.
What you need is a script on the server that receives the requests from the smartphone is making special thinks inside. Save or manipulates the data in the database and sends the result back on to the phone. This is not the opinion, we can teach you on StackOverflow, sorry.
Watch out for cloud database services to your problem on the internet or ask are PHP-coder for help.
I'm developing an online application that will have many outside users. As for now my connection method is to host a centralized database for all users, while they connect from their own server files.
Method:
PHP Connection File (hosted on their server; file provided by me) >> Connects to my MySQL Database
Now obviously I need to provide my database user and pw info, but I know that questions security.
So to my point, how would I provide database access to outside users(different servers) without giving up security.
Or if someone has a better method I'd love to hear it. Thanks!
Create an API in php, sort of webservice with an interface that you define and host this API on your server.
Each user (script that runs on users server and uses your API) needs a personal API key or access code they need to register to the webservice.
Take a look at well known API's like Google maps or something similar. Oh even stackoverflow has one
Create a signup form for users and store their own UserID and Password in a table on your site. Then create a PHP interface for them to upload their files. That way, you need only validate thier own UserID and Password through a HTML/PHP form to allow them to sign in, and your MySQL creds stay safely hidden.
I'm trying to write an Android Registration and Log in system. I looked at the code here https://github.com/andreipop/Android-Login-App as a reference. The data was saved in sqlite in that example. I was wondering how could I transfer the database to my server? probably use php with mySQL? Thanks,
you have to know a little bit of mysql and also have knowledge of PHP, you can go to 000webhost.com and create an account which lets you host websites with access to mysql for free.There you can easily test your code in php & mysql for free.