My database is now hosted on a server which I only can reach using an SSH tunnel. My code uses NHibernate that worked before the move to the new server but afterwards I haven't been able to connect to the server.
Anyone have any example on how I can open an SSH tunnel and the create a session in NHibernate for the fetching and saving of data?
Update your connection string to target the local entrance to the SSH tunnel.
Update
It appears the question is really how to create an SSH tunnel from a .Net program. I'm not aware of any built-in functionality in .Net to do that. A quick google (https://www.google.co.uk/search?q=ssh+c%23) turned up some possibilities), here's one of them: https://sshnet.codeplex.com/
There appears to be several other libraries judging from the google results. Have you tried any of these?
I suspect it might also be possible to have your program start e.g. PuTTY with suitable command line arguments. I haven't researched this and a library would be cleaner of course.
Related
PostgreSQL, by default, does not allow remote connections. I know I could change the configuration to allow remote connections, but the software vendor will not support making any changes to the configuration. Since we develop add-on products for this vendor, we cannot simply ignore their wishes.
I would like to access Postgres from a remote computer. But making connections must come from what appears to Postgres as localhost. I'm not at all familiar with what I believe is called a TCP Port Forwarder, or maybe it is called a proxy? or Relay? In any case, I need to make remote connections to Postgres as if the requests were coming from localhost.
I already have a Windows service running on the same server as Postgres, so I would like to add this port forwarder, proxy, rely on this service. We need to do this in c#.
Alternatively, if there is already a tool available for this purpose, that I can run as a service, that would be fine as well.
It is correct that by default Postgres doesn't allow remote connections. But this can easy be changed in the pg_hba.conf file.
For this you just need to add a line with the address of your remote host.
For example:
host postgres all 192.168.12.10/32 md5
Columns:
Type: in your case Host
User: I used postgres in this example, but I recommend you
using a dedicated user as postgres is a superuser.
Database: Which database you want to access via this user and host, I left it to all, but again it is advisable to be more specific
Address: The address of the remote host
The authentication method. (md5 for md5 encrypted password). You can also set trust if you don't want any authentication at all.
For more options I refer to the postgresql documentation: https://www.postgresql.org/docs/9.3/static/auth-pg-hba-conf.html
You say you have a windows service running on the same computer and I take it that you have the code of that service under your control. In theory you can add some code in the service and get the updated binaries installed on that computer. This code can do the proxying between incoming tcp connection from internet and local postgres. From postgres point of view it will look like a localhost connection.
But,
There are some very valid reasons why only local calls are allowed and calls over network are blocked.
Your service may or may not be running with sufficient privileges to listen on a publicly open port.
If any antivirus is running on the machine, it will most certainly flag your app as suspicious and frankly, it is.
Best way to approach this is to ask the vendor nicely to grant access - or to work within the limitations.
It smells of some legal or ethical wrongdoing, but i may be wrong.
Having said that, here are the basic steps:
The service onStart registers a TcpListener on ip 0.0.0.0 and some port known to you.
On a seperate thread in a while(true) loop attempt to GetStream()
Start a TcpClient on ip localhost and postgres port
On a seperate thread in a while(true) loop attempt to GetStream()
In a while(true) loop read from listener's stream and write to client's stream. You may want to use a buffer or an array.
loop until you read a -1
This algo should work in principle.
I hope you are not hacking someone. Please dont.
You need to create a user and allow remote connection to this or an existing user.
you should be able to connecte remotly.
good luck.
We are using v6.9.9 of the .Net MySql Connector to access MySql using this connection string, specifying that SSL is required.
Server=myServerAddress;Database=myDataBase;Uid=myUsername;Pwd=myPassword;
SSL Mode=Required
Our DBA has turned on support for SSL, but during my testing, I am able to connect to the server regardless of whether I have certificates installed on my machine, and also regardless of whether I have "SSL Mode=Required" or not.
However, when my DBA disabled SSL, if I use the above connection string, I got an error that SSL was not enabled.
Therefore, I really just don't know if my network traffic is being encrypted or not. How can I verify?
--
My question is a bit of a duplicate to this one with no accepted answer.
How to check whether a MySQL connection is SSL encrypted?
Some recommend using WireShark to test. Does anyone have step-by-step instructions on how to use this tool to verify my SSL connections?
--
This link talks about calling "status" from the MySql client.
https://dba.stackexchange.com/questions/36776/how-can-i-verify-im-using-ssl-to-connect-to-mysql
I asked my DBA to try it - but he isn't able to call that method against my connection, only against his local connection. Is there anyway to call this, for example, within my c# code?
I tried this, but I don't think the returned values tell me if the connection is SSL or not.
SHOW SESSION STATUS LIKE '%Ssl%';
Anyone with detailed information on how to verify my SSL connections would be greatly appreciated! Thank you!
Didn't work a lot with databases, but network/wireshark expertise is enough for you task. So what should you do:
Prepare capture setup using this tutorial
Start sniffing network with wireshark and perform some queries to your database
Filter traffic by database IP-address and/or port using display filter, so irrelevant packets aren't shown
Examine displayed packets. Compare them to sample of MySQL over TCP and to sample of MySQL over SSL. Hint: you can see queries as a plain text in unprotected connection, while SSL makes packet payload look like bunch of random garbage.
I have a windows tablet application which store some data from the users. Now i need to send this data to a server via Internet. What all options are there for me to try?? I think syncng the server and client database wont do good since multiple tablets are getting connected to the server.
I think syncng the server and client database wont do good since multiple tablets are getting connected to the server.
Why do you think that? How do you think web servers work? Databases can easily handle multiple connections.
You can either directly connect to the db server, if it supports remote connections, or you can create a webservice and communicate with db via that. Either way, be sure to set the permissions right, otherwise you might have a serious security problem.
// edit to address concerns in the comments
If you want to use a direct connection, you connect to a database exactly the same way as if it was on the same machine. How do you connect to that CE db?? You just need to alter the connection string, but everything else stays the same.
If you want to use a webservice for parsing and communicating with the database, the things get a bit more complicated, but it's still fairly simple. Search the google (or SO) how to use a webservice and how to create one. There are plenty of examples and tutorials out there. It's impossible to cover it all in here I'm afraid.
Here's the question, I need to connect to a remote MySQL database from my C# Application, problem is the MySQL instance will block all access to all IP's apart from localhost, this can not be changed as its too much of a security issue.
The question is, is it possible to connect via a tunnel instead to a php script hosted on the server, this would then act as the mysql connection.
Any ideas and suggestions?
SQLYog (a mysql management GUI utility) already has this php tunnel script with its own custom API, so if you consider writing it yourself, would be nice to have cross-support. See Is there any good universal PHP MySQL HTTP tunnel?
yes, just create a simple PHP script that will give you the desired output and use http request from the c# application to that php script to get the data - basically, you'll be building a very simple REST API (with authentication)
p.s. I don't see how that would be more secure than SSH tunnelling
I ended up with going for an SSH port tunnel and achieving what I needed to do that way.
I am just learning c#, and am programming a Windows client that collects temperature data from the computer and needs to send it to a remote linux mySQL Database.
I was going to program it directly in the c# client, but I want to learn more ways to do this and gain experience. And programming it directly would be less secure and most likely require an extra connector.
Can any of you advise me of other ways, or ways you would do this?
Any way to program a C# program that acts as a web-service on my linux mySQL Server? Where should I look/search to learn more about this. Is it called something special? Or maybe its not done in C#?
Should I program a php script that accepts HTTP SEND/GET requests from my C# Desktop client?
Any other way?
What way is most 'professional' in the real world? Trying to learn on my own! :D
FORMAT:
Windows Desktop: client programmed in C# That retrieves temp data and needs to send to server
Linux Server: Runs Apache and mySQL Server with a database already setup. Closed to outside Connections
My advice is to set up a web service to communicate with your windows client. Directly connecting to mysql server is ok if they both resident in a same lan, but if not, for example your windows client is running on some laptop travelling everywhere or even the mysql server permits local incoming connection only, your should set up a web service. Also the http connection can usually go through firewalls while connections over other ports are blocked.
php is a good way to do this. Since you are learning c#, you may want to use c# to do the server side programming as well, so why not give a try of mono?
Directly exposing a MySQL Server to the internet is strongly dicouraged, Additionally this gives you a rather coarse-grained set of access rights, that might not be enough for your application, so running some sort of server app is the right way to go.
With mono you can run a lot of .Net (and thus C#) based code on a Linux server just fine. Rule of thumb is: If it doesn't have a Winforms GUI and no P/Invoke it will work just fine. Ofcourse this needs mono on the server, which is not given on most commercial hosts.
Running the server in PHP makes it a lot more portable, but has a performance overhead. Additionally it doesn't allow for some of your busines logic objects to be implemented in a DLL assembly and used on both sides.
As for the protocol: Chose your poison. Rule of thumb again is, that predefined protocols such as SOAP tend to need a bit more work (and more learning in the first go), but on the long term tend to be more robust.
For your special use-case I'd personally go with a quick PHP based solution where the protocol is just a simple GET with a few parameters, one being the temperature(s) and the others authenticating the client.
If the temperature sensor generates events, then I would 'push' the data from the Windows box to the Linux box - this will save the latter checking often and finding no updates. However if you are just taking temperature samples, I would 'pull' the data from the Linux machine. Either way, if you want to use HTTP you will need a web service on either side.
Alternatively, you could just connect to your MySQL database remotely from C#, and write the data directly (no web service would then be required). That might be the quickest way to get this working.
The 'which is professional' question is subjective - all three options above are fine. Just make the code clear and concise :)