Good day. I am new to flutter web. If someone can assist or point me where I can get the correct info I would appreciate it. I need to save data in mysql on the same server that the flutter web app is uploaded to. What I want to know is if I must do a http request even though the mysql and webapp is on the same server? I guess I need to create a .php file to post and fetch data from the mysql database. But if you are on the same server do you http to the .php or is there another way? Thanks in advance.
If you meant with "HTTP to MySQL", to directly from Front-end access MySQL through some Web-API, then no there is no such thing supported by MySQL.
But you can create your own Web-API Back-end (a .php script), which redirects requests to MySQL, and then Front-end only needs to communicate with said Back-end.
The Front-end may seem to be on same server,
but the Front-end logic runs on the user's Browser, which is far away from server.
I asked a question today about dynamically changing a php config file for connecting to MySQL, and it was obvious it's a bad idea. But after searching the Play Store I found a MySQL client app where you can add connections after inputting the host,database, username and password, which makes me wonder how that app works. Does it not send a POST request with the database information to create a config file with whatever server side language they're using? If it does that then does that mean the app is not very secure? Or is it using another way to connect to the database?
Be Clear: This question is not about password encryption/hashing to save into database.
I have developed a PHP application for a client. The application is installed on client machine with XAMPP (placed at htdocs/project_name). Client uses that application locally but the local database is synchronized with remote MYSQL database by Export Report button available on web interface.
My concern is when I store a connection string for remote database in my PHP code the username & password are visible to any guys who can hunt PHP script file and can see it. I don't even wish the client be able to view passwords used for remote connection/synchronization.
How can I achieve this?
You want to give user permission (login data) to connect to the
database but at the same time don't give him permission (login data).
The only thing that is on my mind to store login data corrupted,
and in code decrypt this data with some key hardcoded in the script. This is hackable,
but if the user is not programmed it is unlikely to do this
If you accept Kerckchoff's principle then it is impossible to provide an authentication which is available to a program run by a user without making that token available to the user. If you provided a better description of the problem, specifically the modes of operation you are trying to prevent then we might be able to provide effective solutions (e.g. encapsulating all data access in packages would restrict access to data for specific users).
I am developing an application that needs to send data to a server so that the server data can be outputted on a website table.
My question is how is it done? I already know how to create tables and whatnot, but when a user creates an account on the phone application, how is it going to appear on the table on phpmyadmin?
# Zarathuztra convenient phpmyadmin is a tool to manage MySQL databases.
What you need is a script on the server that receives the requests from the smartphone is making special thinks inside. Save or manipulates the data in the database and sends the result back on to the phone. This is not the opinion, we can teach you on StackOverflow, sorry.
Watch out for cloud database services to your problem on the internet or ask are PHP-coder for help.
I am currently working on 2 web servers, One Coldfusion and the other PHP.
Right now, the Coldfusion server is my main server where users log in to access restricted data.
However, I have also begun using a PHP server and want to make it transparent for users to access a specific page on that server - that server requires log in information as well.
I do not want the users to log in twice.
Is there a way to accomplish this ?
Thx
UPDATE: Working in an Intranet environment, so I can't use any public solution.
UPDATE: Reason I am asking for this is because we are moving from a MSQL / Coldfusion environment (Initial server) to a PHP / ORACLE (new server). So I have 2 user tables as well (although they contain mostly the same information).
I am trying to faze out the use of our initial server in favor of our new server transparently to the user and thus I have to work in parallel for the time being.
Most single-sign-on solutions work a bit like this...
Main system authenticates use
User opts initiates a need to move to system 2
Main system authenticates the user with system 2 in the background
System 2 supplies a random, long and disposable token to Main system
Main system redirects the user, with the token, to system 2
System 2 checks the token (and other factors such as IP address) to validate the session
System 2 disposes of the token to ensure it can't be replayed
You would want to ensure that the transmission channels had some security on, especially where Main system and system 2 are talking to each other. You would want that to be a secure transport.
Store sessions in a database, and share them between the two apps.
You could use xml-rpc to get user data and log the user into the other site when they have a login cookie for the first one and vice versa.
Php manual page for XML-rpc
Here is what I have done, in running my own game server, had users on sql server, and on mysql, and wanted to integrate them both.
I made sure that if a user was created on 1 system, was also created on the other.
So you can modify code in both applications, to automatically create a user in other system if it is created on here.
Depending if both servers share a domain, can you do cross-domain sessions or cookies...But my best guess is to store and retreive data...
Or..
as a person logins/registers record their current ip address, on both servers, then check if this person was on the other server within 2-5 minutes, if so, use the ip address to identify them....
This system is tricky because timing is important, so your not leaving a huge hole in your security....But for short term, going between servers, this is simplest solution, in my own opinion.
Good Luck.
If you are on an intranet, you can actually sniff out the network username of the user from the PC they are logged into the network on using PHP. This assumes that:
You are using IIS to host your PHP application.
Your users are using Windows.
Check the section "2.2 Enabling Support for Detecting Usernames" here.
After that, all you need to do is investigate if the same is possible from Coldfusion, and you have the basis of an SSO solution based on the network usernames.
How about implementing an OpenID solution, much like the one apparent on StackOverflow?
You may benefit from dropping a shared object on the client machine via Flash or Flex. This object could then be read from ColdFusion/PHP/Python on servers that otherwise had no connection to each other or access to a common database.
Here is a simple example from the Adobe Docs
Maintain local persistence. This is
the simplest way to use a shared
object, and does not require Flash
Media Server. For example, you can
call SharedObject.getLocal() to create
a shared object in an application,
such as a calculator with memory. When
the user closes the calculator, Flash
Player saves the last value in a
shared object on the user's computer.
The next time the calculator is run,
it contains the values it had
previously. Alternatively, if you set
the shared object's properties to null
before the calculator application is
closed, the next time the application
runs, it opens without any values.
Another example of maintaining local
persistence is tracking user
preferences or other data for a
complex website, such as a record of
which articles a user read on a news
site. Tracking this information allows
you to display articles that have
already been read differently from
new, unread articles. Storing this
information on the user's computer
reduces server load.
Full Information: http://livedocs.adobe.com/flex/3/langref/flash/net/SharedObject.html