I'm coding an application which will be given to many clients, in order to not allow them to direct access to my database I started developing a server application with C++ which receives the client requests, interact with the database and send the responses. but this seems to be a little bit complicated, is it better to allow the client application to interact with the remote database ? and is there any risks with this?
First solution :
Second solution :
Typically you would abstract the database with an interface. A classic would be odata, which visual studio can build as an asp web service from a wizard. This is restful as Joakim recommended.
https://en.wikipedia.org/wiki/Database_abstraction_layer
There are various options like the one mentioned by 'tim' which can be done without using ODATA; that means creating a data layer (separate application) which will cater the requests from client and wont let them access the database directly. However, before suggesting I would like to know how you are hosting the web application?
You can still achieve no-access by client by blocking remote access to the database.
The concerns depend on your code and structure; both approaches are valid!
if you have a C# client why not use a C# WCF server?
what you do in soultion 1 is usually the best practice.
it allows you to:
*later switch the database.
*hides from your client the database's structure.
meaning that if someone decompiles your client they wont know how to attack you.
but it is more complex and takes lots of extra work.
if you don't fear someone will hack your database.
and you KNOW the database structure will undergo only very minor changes EVER.
you can skip this and talk strait to the database.
but you are probably wrong.
Related
I've got an Outlook tool that works on the client(PC-A) and this tool set some folder permission. Now I want to set the settings remotely over my computer (PC-B) so I dont have to go to all employers.
I've searched in google but there aren't any useful information for me and beside this I don't know how to code this. A friend told me that I can use a service for this or code a server/client that listen to PC-A.
Can somebody help me?
There are more than one way to do it. I am sorry I don't have specific code examples but simple steps on how to. Maybe you can expand on that.
Assumption : Clients and your server are in a LAN and in the same domain.
Solution1: You can have a daily or scheduled job collating the settings you need and pushing it to a centralized DB. The server (your machine) can then poll the centralized DB for the settings. Depending on how you design the table design you can have the client module change the settings based on the settings you make on the server. Since everything is on the centralized DB, client and the server hit the DB to get the information. A little complex but not much simpler to understand.
Solution2: Using the System.Net.Sockets to create a custom server and client listening on specific ports. Tech.pro has a good article on it.
Assumption : Your clients are on Internet and you are also on the world wide web and not in the same domain.
Solution1: The DB approach seems quite solid and it gives you the ability to maintain different settings for different users and have more customized approach. You can push and pull the data as Json so that the network bandwidth is not heavily utilized.
Solution: TCP approach should work good assuming you are connected directly to the internet and not through proxy. I am not sure about hits approach but it is one way.
Alternatively you can implement Solution 1 or 2 using a service, but personally I would prefer a process running on my machine only when it needs to.
Feel free to correct me.
After much Google searching and at the risk of asking dumb questions, I could use some help. I’m developing a C# WinForms client application using ADO.NET to read/write data from a SQL Server 2012 database located on the Internet. That same application also needs to upload/download data files. The client application will only be used by a few employees (ever). The employees are all in different locations. The database is only about 20 MB. There will be about 100 data files totaling about 300 MB accessed individually on a periodic basis. SQL Server 2012 is running on a (non-virtual) Windows Server 2008 R2 machine which we have full control over. The client application will be running on Win-XP and Win-7 machines.
Priorities are 1. Internet security – keeping hackers out of the Windows Server machine and off the client/server communications. 2. Performance. 3. Simplicity. Corporate security and scalability are not issues. Also, performance is not that important if the solution is overlay complicated.
Two related questions I could really use help on:
Given the above priorities, what is the best way to communicate with the database? The only two options I’ve found are exclusively; a WCF service or directly through a VPN.
And again given the above priorities, what is the best way to upload/download data files? I’m sure there are many options for this using VPN, WCF, FTP; but I don’t know any specifics. Also, using a SQL Server 2012 FileTable looks promising but I’m not sure how that works over the web. Backup/restore plus being able to do a full-text search over the data would be nice features but not requirements.
I know what a VPN is but have never used one for these purposes. I know there are some security issues with PPTP, but we won’t be upgrading the XP machines for a while. I know what a WCF service is but have never written one. I also don’t know if SOAP or REST is better in this instance. I’ve built a FileTable in SQL Server, but I don’t know how to access the data remotely. I have decent knowledge of C#, ADO.NET, and SQL Server.
I realize these are big questions with subjective answers. Still, any ideas or a shove in the right direction would be greatly appreciated.
Keep it simple and use standard mechanisms. My recommendation is as follows:
Build a WCF service that is capable of performing the operations you want. You can build a SOAP or RESTful service. My general guidance here is to build a RESTful service because you're transferring files and this is much more integrated with REST. With SOAP you have some setting you're going to need to fiddle with to transfer large files.
Use SSL to secure the service, keep it simple. A VPN is an added layer of complexity and very likely not needed in this scenario. Further, it will only make the experience for the users less friendly.
I would not recommend using the FileTable in SQL Server 2012 for your needs. You own the server so when you send and receive files it will be much more straight forward to deal with the file system.
You can also build a simple forms authentication process that creates a session key for the user and passes it back. I'm not sure this is necessary, but if you need that extra layer, just make that one of the operations. Then that session key can then be passed into each method and validated before performing the operation. This will be safe because you're using SSL.
Here is a tutorial that will help walk you through building a RESTful WCF service, and it's fairly new.
My recommendation would be to deploy a VPN server to provide the security you are looking for. There are a number of good VPN servers available, and a Google search should provide a number of options at varying price points.
Once you have deployed the VPN server (and clients to all computers not on your local network that you would like to be able to access the database), you can use ADO.NET to access the database. ADO.NET will work seamlessly behind the VPN.
From the context of your question I am assuming that the files are stored in a file system outside of the database, and the database merely references the files. If this is the case, you could use any number of options for downloading the files, but FTP is a time-tested, easy-to-implement solution. There are others that may or may not work better in your situation (see here for a few options).
I really don't like the concept of opening my SQL server(s) to the internet - even if I can lock down the firewall. However I've always been working directly with databases. I'm building a system now which involves 1 SQL Server database, a web application in ASP.NET/C#, and a few windows applications in Delphi XE2. But from the beginning, I'd like to put some sort of 'filter' around the database so I don't have to open it up.
I know there are many things out there for this, but don't know anything about them or what to get for my scenario. I'd like to keep it native to SQL Server; I don't plan on using any other type of database engine.
It needs to be connected from client to server by other means than the standard SQL connection, like a filter. It creates its own encrypted packets and transfers data its own way. I will have a wrapper class for both Delphi and C# which will pretty much be identical - and be able to stream its data into the DLL to interact with the DB.
Now there are three different ways I can go about this...
Complete SQL Server wrapper, most likely no source code, might even have its own language (I don't want to pick up another database language), and independent from my project as its own separate system.
Open-source wrapper, preferably in Delphi (XE2), or if not then C#, specific protocols for my system, entirely dedicated to my project, and in the final form of a DLL which can be used on both the Website (in C#) and the applications (in Delphi).
Web Service - however I only have 1 hosting spot (Paying for 1 site, 2nd site will be a double charge on me). I can't host any additional web services or windows services; it has to be integrated with the website. Otherwise, I would have done a web service for this.
I would much prefer the second option, and do not want to go anywhere close to the first one, and can't do the third one at all.
So any good libraries for database layers? And might there be some already installed in Delphi XE2? I'm thinking maybe an encrypted XML packet?
As an example, let's say I have a table for 'Customers'. In both my website and applications, I should never have any SQL script like select * from Customers or no SQL script in general. Instead, I will have a wrapper around the database. So I can call a function such as DBGetCustomers(Conditions: TGetCustomersConditions): TDBCustomers; where TGetCustomersConditions is some way of filtering the query, and TDBCustomers represents the results from the query.
There could also be a function DBAddCustomer(Item: TCustomerToAdd): TInsertSuccess; where TCustomerToAdd represents what to insert, and TInsertSuccess represents any result, such as error message(s) or rows affected. I do not intend for it to be working exactly like this, but just to explain the concept of any wrapper in general. When the app sends to request to the server, it still has not converted anything to a SQL Query. By the time the request gets to the server (which is able to connect to the database), then the server alone decodes everything to the SQL query.
What's the problem even if you have just one "hosting spot"? A web service is just a "site". And a web server can easily host multiple site even with a single IP address. Anyway, what you're looking for is an "application server" in a multi-tier design.
While Java invested heavily in that direction, MS did not. Delphi has Datasnap, which is a so-so framework, don't know if the new "restful" interface is easily callable from C#, it looks to have security flaws though. The .NET way of doing it is using WCF, as long as it uses a standard protocol you can call if from Delphi has well.
You could also look at RemObjects DataAbstract. It's not open source, but it is a mature library.
One of the 'traditional' ways to do this is via webservices (although this technique is now considered by some to be a bit dated).
One disadvantage is that it is not a generic wrapper you can throw around the database, but it has the advantage that you can limit access to the database easily to specific stored procedures for example, which will maximise security, and is a standard technique if you wish to provide limited authorised access to external applications.
If you already use a ASP.NET C# web application, you could also add a WCF (Windows Communication Foundation) based web service to your web site. This can provide database access to external applications, which need to connect the web service somehow. It should even be possible to use the same HTTP standard port for both the normal web site pages and the service, by mapping the web service to a specific context path like www.example.com/services/servicename
Kbmw allows you to make a ntier db architecture.
However since you have a web application involved, a better option would be WCF (as already suggested)
I'm going to develop a POS system for medium scale company
and the requirement for me is to make all data on time for all of their branches
while in my mind, move the server from local to web would solve this problem
but, i never done any online server for window application
may i know what is the best option for use as secure database ?
such as SQL can handle this well ?
i tried to google but all of the result return is not what i want
may i know what will you do when you facing this problem ?
my knowledge on coding is just VB and CS
also SQL for database
i would like to learn new if there is better option
i hope it is impossible to access by anonymous and it is store secure at back-end only
What you probably want to do is create a series of services exposed on the internet and accessed by your application. All database access would be mediated by these services. For security you would probably want to build them in WCF and expose them through IIS. Then your Windows application would just call these services for most of its processing.
If you design it properly you could also have it work with a local database as well so that it could work in a disconnected manner if, for example, your servers go down.
Typically you don't move the server off of the site premises.
The problem is that they will go completely down in the event your remote server is inaccessible. Things that can cause this are internet service interruption (pretty common), remote server overloaded (common enough), basically anything that can stop the traffic between the store location and your remove server will bring them to their knees. The first time this happens they'll scream. The second time and they'll want your head due to the lost sales.
Instead, leave a sql server at each location. Set up a master sql server somewhere. Then set up a VPN connection between the stores and this central office. Finally, have the store sql boxes do merge replication with the central office. Incidentally, don't use the built in replication, but an off the shelf product which specializes in replicating sql server. The built in one can be difficult to learn.
In the event their internet connection goes dark the individual stores will still be able to function. It will also remain performant as all of the desktop app traffic is purely to the local sql box.
Solving replication errors is much easier than dealing with a flaky ISP.
I would recommend you to check Viravis Platform out.
It is an application platform that also can be used just as an online database for any .NET client with the provided SDK. It has its own generic windows and web clients and some custom web solutions for some specific applications.
You may be using it as a complete solution or as a secure online database backend.
I am looking at writing a WinForms app and getting stumped over what seems to be simple issue.
There is a server and database (SQL Server) Open ports are HTTP, HTTPS
There is a WinForms client. It needs to connect a TCP/IP stream (possibly HTTP, SOAP, REST) to the server.
Sometimes the WinForms client goes off-line and then the WinForms client stores its data in a database.
When the WinForms client goes on-line to server, it synchronizes data to the server, gets all the latest data from the server and updates local database.
How do I do that?
Newbie question
As you've conceded, this question shows you might not know where to begin looking for how to architect this kind of application.
I'd start here: http://msdn.microsoft.com/en-us/library/ms973279.aspx
The offline architecture you've described is a little tougher for a newbie than not supporting this, consider making the application only work online first, then add offline functionality.
Also, if you have a web server you will almost always use HTTP, SOAP and REST are strategies that sit on top of HTTP. I cannot recommend that a new developer look at any server communication using direct TCP/IP.
Edit: Answer to related question - there are tons of ORMs and service builders, not a lot of them have built in support for offline workflow but ODX does, but it might be a bit out of date. NHibernate and any of the projects in the Castle Project are very popular components for what you're looking to do also.
No idea how actively this is still being supported by Microsoft, but you might check out the Smart Client Software Factory, it seems to support offline mode and smart reconnecting like you need.
http://msdn.microsoft.com/en-us/library/ff709809.aspx
You could approach this with a 'Service' mindset - Write a WebService (preferably a WCF service) - that forms the synchronization tier between your Winforms app. and remote database.
So, you would have your
1. Local WinformsApp. with a local database (as functional/lightweight as you want it to be)
2. WebService
3. Remote app./DB
Here are some links to tutorials/resources:
http://www.codeproject.com/KB/architecture/three_tier_architecture.aspx
http://services.community.microsoft.com/feeds/feed/query/tag/n-tier/eq/tag/visual%20basic/eq/and/locale/en-us/eq/and
http://msdn.microsoft.com/en-us/library/bb384570.aspx
http://msdn.microsoft.com/en-us/library/bb384398.aspx
IMHO this isn't usually as simple as it may sound
If you were able to go DB to DB, then SQL replication could be the simplest mechanism for synchronisation.
However, since it sounds like you are using a SOA approach, you might need to look at frameworks which have offline support built in, such as the Ent Lib Composite Application Block and Smart Client Software Factory
You might also look at using Queues (e.g. MSMQ) to accomodate network connectivity problems.
Microsoft Sync Framework (http://code.msdn.microsoft.com/sync) + WCF solution here:
http://code.msdn.microsoft.com/sync/Release/ProjectReleases.aspx?ReleaseId=3762
Database synchronisation is not an easy task to get started with, by any means. Good luck.
Generally, you need a local database, or at least a local cache.