Good afternoon all;
I am developing an application for a project that utilizes an OpenShift MySQL Database. At the moment, I have written php scripts that ping the database on our host website, which, is also hosted on OpenShift.
My fear is that anyone can call this php address and either a) DDoS my DB/website, or b) can access or get any data inside said DB. There is nothing highly critical on this database, such as passwords and all, but it's best using best practices.
To my question: Is there a way to directly connect to this DB via various platforms such as iOS, Android, and Desktop (Mac, PC, Linux) and not use php scripts? I am somewhat familiar with OpenShift's PortForwarding, but I believe this is not what I am looking for.
If it is not possible to connect to said DB in this way, is there a way to make this process of getting data from the DB more secure?
Note on my php scripts:
They connect to the DB using a username and password. This user has only select and edit privileges. The purpose is to get fields of data: Building and Amount, and at times changes Amount, based on arguments of the php address. The returned data is encoded using JSON.
Check for NodePort feature in openshift/k8s, that should allow connections if this is a self hosted openshift
Related
I need some major help in setting up my android app to add/receive data to/from my database. I'm using Amazon's RDS service in connection with xampp's phpMyAdmin. I've already successfully connected my DB instance to the database in phpMyAdmin. Also, I've written my php scripts to do basic CRUD (Create, Read, Update, Delete) commands in SQL. I've been following this tutorial.
The problem for me is, in his tutorial he is using strings like this:
private static String url_all_products = "http://api.androidhive.info/android_connect/get_all_products.php";
to run his php scripts in a call to makeHttpRequest(url_all_products). But I don't have my own website to do this and I'm pretty sure I don't need one to do this.
Next, I have a test.php file that does a simple echo statement and it works when I run this in a web browser:
http://localhost/phpfiles/test.php
Which leads me to my second problem. I don't want to use localhost because I need these php files and the ability to retrieve data from the database to be accessible to anyone using my app. This is the sole reason I'm using Amazon's RDS service so my database can be accessed on the cloud.
So how can I use the host address provided to me by Amazon RDS to access the database and where do I store all the php files so I can properly use them in Android the way the tutorial shows? They are currently saved in xampp/htdocs/phpfiles/.
I feel like I'm missing some fundamental understanding of all this and I'm going about it all wrong. If someone can point me in the right direction that would make my day.
It sounds like you don't really need the XAMPP install on your local machine at all. You're hosting this on Amazon and you want it to be available to the internet, so your local computer isn't involved. You can use XAMPP locally for testing and development, but for production use you'll be exclusively on the Amazon RDS cloud.
But I don't have my own website to do this and I'm pretty sure I don't need one to do this.
You may not want a website, but you do want your services hosted on the internet. That's what your RDS instance is for, and technically the tutorial is referring to an API which happens to be exposed through a web page. This is a much better idea than opening MySQL directly to the internet on port 3306.
You'll then use your Amazon host — for which you really should use a FQDN such as api.example.com rather than the IP address, but the IP address will work just fine from a technical aspect.
The files you refer to are on your local XAMPP installation; in the xampp/htdocs/phpfiles/ folder, and need to instead be on the RDS instance.
Then your application accesses the API you expose in those files which return information back to your application.
I have a mysql database at my web hosting service, which I would like to access from a C# application on my local computer.
Due to account restrictions, I can't enable remote connections on the database server.
I would like some suggestions on how to execute CRUD operations on the database remotely i.e. from my localhost or any other place which is not on the server itself. The first idea that popped in to my head was to create a PHP REST API on the server and let it do the database work.
Is that the way to go? If so, is there anything similar created already, or do I need to make it from scratch? Perhaps you have other ideas?
Background : I am creating a website (in the typical LAMP environment) that connects to a database via a PHP/XML based API on a different domain (but on the same server). The reason for this is that I do not want to have database connection details sitting on the domain I am working on. In order for this to work I've enabled "allow-url-fopen" setting for that domain.
My question is, since this is the only way I know how to do this, does anyone know a better i.e. safer and more secure method of achieivng this result?
If both the domains reside on the same server you do not need to use HTTP to get connected to MySQL, you can still login to your MySQL server locally providing the right credentials for your domain where the connection information is stored.
But it does not really serve a great security purpose, as if your connection details reside even on the same domain it is not a security loop hole as your PHP pages will not be server in any raw form as long as your webserver is configured to use PHP fine. You can and probably should keep them on same domain. In fact having a publically accessible API for database connection is a bigger loophole
Basically, I want to create an application like this:YOUTUBE
I want to create an application that when I add some information from my web host (either PHP or MYSQL) VB.NET will read it.
From your website you'll need to insert the data into your MySQL database.
The problem with using the database provided by your web host is that the chances are, due to 'Security Reasons' the will have disabled external access.
This means that any files outside of your web server (your sites root/sub directory) will not be able to access the data. So, while your website will be able to connect without a problem, your program will not.
Some hosts give its customers the opportunity to add an IP address to a white list which enables them to bypass their security system. However, most will not give you this option.
My suggestion is that you either rent a VPS where you can run both the WebServer and Your MySQL database (and PHPMyAdmin) from or Set Up A MySQL database on your PC (its not that difficult just read the manual and youll be fine). If you had a VPS then you would no longer need your pre hosted webserver as you could run your own. You would need to point your domain name to your VPS webserver. It will act just like any other.
By running your own MySQL Databse you are given the option to enable remote access. This means that any external entity with the correct details will be able to connect.
If you cant get a VPS or don't want to run your own server or rent a server that allows for external access. Check out db4free.net .They provide you with a free MySQL Database with external access for Developers to test out their systems. They are not ultra fast so that's something you may want to be aware of. Another thing is that your data that's held can be removed at any time. The servers are not there to be used permanently just for testing.
So how do I connect to it through VB???
Good Question! To establish a connection, I suggest you use MySQL.Data library provided my DevMySQL themselves and import it into your program. Done so by Imports MySQL.Data.MySQLClient. This is written by them to work with their databases. Yes you can connect using some of the functions already in VB but in my opinion they don't work as efficiently. You'll need to download the MySQLConnector to connect as well.
Hopefully That Answers Your Questions. Any Problems Just Comment below!
Regards
Joe
Good day. I have a thesis project. it is composed of a webpage created on php and a system using vb.net 2008.
As of now , they are both connected to the same database.
I am wondering if it is possible that if i packaged the system and live the website, will still be connected with one database? Thank you in advance.
If I understand you right (and the question could be better worded), you're asking what happens if you deploy the website on a different server than the one you used to develop it. The short answer is that, unless the machine hosting the database is accessible to the web server host machine, that you would also have to redeploy the database.
In other words, wherever you move the PHP-based website and VB.NET system, they would need to be able to access the machine hosting the database server. Otherwise, I see no issue with them both accessing the same database.