I'm working on program (written in C#) that would run on few computers at once (their amount will very likely change over time). I want to save some data into SQL everytime some event occurs (nothing too complex, just a bit of information).
I'm not really sure how to do this the best way. I have these two options, I can connect directly to the SQL database straight from the program and insert everything I need, but I find this rather unsafe because someone could you this in bad way and gain access to my SQL without my permissions.
So I came up with this idea, I will have certain PHP file on the server which will handle all the data (my program will open internal hidden web browser window with address of the PHP file and all needed variables (I will use GET over here) and then it will close and wait for another event to happen).
Is the second solution way too bad habit to do or is it reasonably okay? Or even better, is there any better, more clean, solution to this kind of problem?
(It's not any kind of spyware or anything like that, it's just doing kind of diagnostics on the computer and giving me results with user's knowledge..)
Each time any event occurs, I have to insert one line into the table and it includes computer's ID, time and the event information.
The address used could look somewhat like this http:\\server.com\handle.php?id=xxxxxxxx&time=xx-xx-xxxx-xx-xx-xx-xxx&data=something
Is your application running on a LAN or are you on the Internet?
If you can access your SQL Server directly from your application on the default SQL Port (1433) what kind of security issues do you see?
If you run your application in a certain security context, you can connect to your SQL server using Windows security -> no username and password is sent.
BR
Frank
Related
I am a beginner at SQL Server, data storing and web technologies so I don't know how to accomplish what I try to achieve. I am a hobby C# programmer and let's pretend that my program allows you to enter a text, like an article, so its a huge basic string.
I am using SQL Server 2014 Express, and I know that it is possible to set it accessible for other users through the internet. Currently I only have small amount of data in it. Because I have read on the internet that it is never a good a idea to store e.g. a huge string in it and it's not the way to go.
I've heard that you could save the storage location of that string object in the SQL Server database and access it with that.
So that is my question if this way above is a good working solution. So that I save data e.g. in a VM and make this VM accessible for the internet with user identification and the SQL Server database gives you the information to connect to the VM's data and the information about the storage location of the requested object. I want users to be able to up- and download data from other users but all the data is in one public place. (like a VM on my pc or a different pc)
As I am a student, I don't have money for a web service or web server but I am curious about your opinion to the whole subject. I don't want any code from you, just the idea about the way of global data storing/sharing these days.
SQL Server is a database so yes, it can hold information (even a huge string which would be a data type called varchar(max) or nvarchar(max) depending on if you need it to hold other languages. If you are putting the code on a web server and then a SQL Server in a VM though I wouldn't give permission to the VM to the internet, I would just give it permission to access the web site and have the website put/pull information from the database. You might want to look into something like SQLite though - SQL Server could be overkill if you are only looking to store one string.
SQLite is free so you wouldn't have to pay for it. Pretty much any database can store images as a binary object so you can do that in SQL Server or SQLite. A tutorial for SQLite is here: https://www.codeproject.com/Articles/196618/C-SQLite-Storing-Images
MySQL is another option - it really just depends on how robust you need the server and what you are attempting to do with your web code as to what would be the best fit.
I wouldn't make any VM accessible to other people on the internet ever, unless it was behind some sort of VPN and protected appropriately and those people were part of your organization. What you are looking to do is set up an API where users can register, obtain a valid API token then make requests for certain information that could be in your database.
If you are learning, a PHP REST API (or any REST API in a language you like) in conjunction with MySQL is usually a good place to start with lots of documentation. You can do this with frameworks like laravel or codeigniter.
If you want to stick with Microsoft's SQL server you will probably run into some licensing issues should you ever expand. Beyond that, I am not too familiar with asp.net / vb.net (microsoft's frameworks)
Best of luck on your searches.
I created a C# application that uses .mdf database and it works perfectly on my PC.
Now i wanted to install that application on network PCs that can connect to a single database and use that data.
I tried changing the connection string in application with only changing file path, but it doesn't work. How can i use one PC as server and use program as client application that can connect over network. How do i set up SQL server on that PC, and should i do that? How is this done? I couldn't find any tutorial so far...
Could someone help me a bit.
I don't think you should be doing this, this is something that I once looked into myself. I once used a standard base unit for this same purpose and although it worked fine your not really supposed to do it.
You have to ask yourself how important the application is to the business. If its critical then this would be a real bad move for a couple of reasons :-
1) What happens if base unit hosting SQL Server dies? or is switched
off. Your unstuck.
2) You will only be able to schedule backups of the
SQL Server Database on the local hard disk . If the Disk dies then you
will lose everything.
When all is said and done, for the scenario that you are presenting, a MS Access database is probably a cleaner way to go. Access databases, albeit dated, can be hosted on a shared network space and can be accessed by multiple users. ADO.NET is nt too bad and you can still use LINQ with Data Tables etc.
What your looking into doing in your description wont really be fruitful unless your hosting the SQL Server on an Actual Server, as its designed for.
Some people suggest using using SQL Compact, but that itself is designed only to run from a local machine.
Hope this Helps.
#Milan: Go to the SQL Server configuration manager and enable TCP/IP service for SQL Server. As sql server uses TCP/IP for communication.
This link will help you.
http://kristofmattei.be/2010/06/21/enabling-sql-server-2008-r2-access-over-network/
I'm going to develop a POS system for medium scale company
and the requirement for me is to make all data on time for all of their branches
while in my mind, move the server from local to web would solve this problem
but, i never done any online server for window application
may i know what is the best option for use as secure database ?
such as SQL can handle this well ?
i tried to google but all of the result return is not what i want
may i know what will you do when you facing this problem ?
my knowledge on coding is just VB and CS
also SQL for database
i would like to learn new if there is better option
i hope it is impossible to access by anonymous and it is store secure at back-end only
What you probably want to do is create a series of services exposed on the internet and accessed by your application. All database access would be mediated by these services. For security you would probably want to build them in WCF and expose them through IIS. Then your Windows application would just call these services for most of its processing.
If you design it properly you could also have it work with a local database as well so that it could work in a disconnected manner if, for example, your servers go down.
Typically you don't move the server off of the site premises.
The problem is that they will go completely down in the event your remote server is inaccessible. Things that can cause this are internet service interruption (pretty common), remote server overloaded (common enough), basically anything that can stop the traffic between the store location and your remove server will bring them to their knees. The first time this happens they'll scream. The second time and they'll want your head due to the lost sales.
Instead, leave a sql server at each location. Set up a master sql server somewhere. Then set up a VPN connection between the stores and this central office. Finally, have the store sql boxes do merge replication with the central office. Incidentally, don't use the built in replication, but an off the shelf product which specializes in replicating sql server. The built in one can be difficult to learn.
In the event their internet connection goes dark the individual stores will still be able to function. It will also remain performant as all of the desktop app traffic is purely to the local sql box.
Solving replication errors is much easier than dealing with a flaky ISP.
I would recommend you to check Viravis Platform out.
It is an application platform that also can be used just as an online database for any .NET client with the provided SDK. It has its own generic windows and web clients and some custom web solutions for some specific applications.
You may be using it as a complete solution or as a secure online database backend.
Greetings!
I'm needing to deploy a compact database with an application I am working on. The database acts as a cache for data the app has already seen, and that data will never change, so the cached values will never become outdated. I've chosen SQLite, and I'm writing in C#.
I'd like to protect the database files so they cannot be easily accessed or edited by the user - keeping access to my application only. Now, one option is to use password protection which is fine except that with tools like Reflector one could easily view a near original version of the source and check the passwords/how they are generated per file and replicate this.
Are there any suggestions on how to achieve this result or something close? Have people done something like this in the past?
Thanks!
Security by obscurity.
If your apps can decrypt it, then your user can do it too.
If you want to keep it secure, you'll have to keep it for yourself. Your best bet is to store the database on a server and make it available via a web service. Perform access control checks on your own server so that the application can only access the parts of the database it has to see.
I don't have a clearcut answer for you (obfuscate your code during release deployment, make the password obscenely long) as the golden rule stands: If they have physical access to the executable (substitute machine/car/door) they can get in if they want(and have skills).
All you can do is make things difficult for them.
This area is not my forte, but one thing I could suggest is to just think about what data you are actually sending and determine if there is any way that you can limit any of the more sensitive data from being transmitted to the client in the first place.
If your concern is over sending things like ID numbers account numbers to the client, then perhaps you could translate those values into a client-only version that is meaningless outside of your application. Your server could have a table that contains the translation between the real values and the client-only values.
Let's say you have this table stored in your server's database (not the client database!)
RealAccountNumber ClientOnlyAccountNumber
981723 ABC123
129847 BCD234
923857 CDE345
...
So the client only sees the account numbers in the ClientOnlyAccountNumber column, and when a client sends a request to the server for an action to be performed on account "ABC123", the server knows to translate that into account number 981723.
I don't know if anyone has any expertise with Novell Netware or not, but I situation where one of my clients is getting a weird error trying to move a file to a netware share. The situation is pretty complicated but I'll try and outline it as best I can.
1) The application is running as a service
2) The file to be moved is a local file in an accessible location (to the service)
3) The file is being moved with FileInfo.MoveTo().
4) The MoveTo is throwing an IOException and the message is "a device attached to the system is not functioning".
I'm at a loss as to explain what might be happening. On a side note, it seems that running a small test program interactively using the same method (FileInfo.MoveTo) to the same location works fine so it seems to be associated with the service itself.
Any help would be hugely greatful. Thanks.
Kristofor Wilson
That's normal. Windows services need to login to the server separately, like local users do. When you run your program interactively, it accesses the NetWare server using your, already established, connection. To access the server from the service, your program needs to establish its own connection first.
I am afraid I don't know how to login to NetWare from a C# program, and I am not sure if it is possible to set up your service that it does not need to log in to NetWare. I'd explore one of these ways though.
Oh, almost forgot. If a local user has NetWare volumes mapped to disk drive letters in Windows, like SYS: volume to P: and so on, these mapping will not be visible to the service; it will have to map the volumes to letters separately, or use UNC paths
The later (Last versions) of Netware where able to emulate a windows server whilst still functioning as a Netware server. No big deal to set this up so might be an option for you,.