Greetings Stackoverflow.
I am currently using 000webhost.com as my MySQL database / server provider. Using PHP, their service is working brilliant!
I have made a bunch of variables containing the MySQL username, password, host, DB, et cetra.
Looking as follows:
$mysql_host = "mysql3.000webhost.com";
$mysql_database = "a1966938_AtMarke";
$mysql_user = "a1966938_admin";
$mysql_password = "**********";
$mysql_table = "MarketDatas";
and I am using the "mysql_connect($mysql_host, $mysql_user, $mysql_password);" to connect to the server. Again, all of this is working perfect. However, when I am trying to connect to the database via. Client (C#) it will not let me connect, or if I declare the same variables and tries to connect to the server from another IP with PHP using the same variables and procedures, it will not let me connect?
I am confused - What should I do, so it allows all IPs?
The reasons why it does not allow connection from other IPs may be two:
the GRANT PRIVILEGES ... TO user#IP has been given to that IP but no other; if you have GRANT privileges on the database you might be able to remedy that (remember to FLUSH PRIVILEGES).
the firewall on MySQL hosting may allow connections only from their own Web hosting servers. It is unlikely you can do anything if this is the case, but try asking their support personnel.
Usually, you can implement a thin REST layer written in PHP (just google 'MySQL REST PHP interface' or such) so that you can connect to the Web hosting, and pass through queries from their interfaces (which are of course open - otherwise the Web hosting wouldn't work). This is what the HeidiSQL did on some setups, and their code might be floating somewhere. Then you won't be using the C# MySQL library but rather the HTTP library to do the work. More hassle, but more portable (also because not everywhere you can expect the port 3306/tcp to be outbound open: it is on home ADSLs, but many distributed carriers and companies will only allow outbound ports 80, 443, 110, 25 to some IPs, and a dozen others - and 3306 isn't among them; but this depends on what you're planning to do with the C# client).
However, if you get "cannot resolve port", this might also be caused by the client library and you might have to specify the MySQL connection port value manually; the default value is 3306, and (usually) you can specify it in the host name, such as "myserver.host.com:3306".
For security, hosting companies usually lock down MySQL servers to only respond to the IP addresses of the web hosts on their networks.
So, the short answer I'm afraid is that you probably can't set it to allow all IPs.
Related
I have added a database via phpmyadmin on a server. I can access it via http://ipaddress/phpmyadmin . but when i try using those credentials to connect to that db on a c# app , i get the error : unable to retrieve the list of database.
I don't have the right to access the server. I have a user who has rights to two db which i can see when i remotely connect to that server's phpmyadmin. Is it possible that i have right to the db just via phpmyadmin but can't access it via app because i don't have the right to do it because mysql is forbidding it ? I also have a raspberry pi handy. is using it as a db server a better alternative than this ?
Since phpMyAdmin runs on a web server, most people install it on the same machine the database is running on and access it remotely through the network. That means their phpMyAdmin is communicating with MySQL locally, often without the connection leaving the server. Your C# application, on the other hand, is a compiled application that would likely run on your client machine, not the server - meaning any connection from the application to the database is occurring through the network (or internet, depending again on your configuration). Since exposing the MySQL port is generally a bad idea, your MySQL may be configured to only listen locally, or you may have a firewall or NAT connection blocking you from even reaching the server. If that's the case, you may need to rethink how you'll communicate with the database (oftentimes exposing an API is a better solution than opening port 3306 to the world).
It's also possible you're using two different user accounts. To MySQL, an individual user account consists not only of the username, but also the hostname. You can use a wildcard hostname (%) which means all hosts, except it's really "all hosts connecting via TCP/IP networking connection."
It's possible that your application and your phpMyAdmin are using two different connection methods; one using TCP/IP and the other using sockets. Check which phpMyAdmin is using (the easiest way to do so is to look at the host phpMyAdmin is connecting to; 'localhost' is a socket connection and '127.0.0.1' is networking). Configure your C# application the same way.
PostgreSQL, by default, does not allow remote connections. I know I could change the configuration to allow remote connections, but the software vendor will not support making any changes to the configuration. Since we develop add-on products for this vendor, we cannot simply ignore their wishes.
I would like to access Postgres from a remote computer. But making connections must come from what appears to Postgres as localhost. I'm not at all familiar with what I believe is called a TCP Port Forwarder, or maybe it is called a proxy? or Relay? In any case, I need to make remote connections to Postgres as if the requests were coming from localhost.
I already have a Windows service running on the same server as Postgres, so I would like to add this port forwarder, proxy, rely on this service. We need to do this in c#.
Alternatively, if there is already a tool available for this purpose, that I can run as a service, that would be fine as well.
It is correct that by default Postgres doesn't allow remote connections. But this can easy be changed in the pg_hba.conf file.
For this you just need to add a line with the address of your remote host.
For example:
host postgres all 192.168.12.10/32 md5
Columns:
Type: in your case Host
User: I used postgres in this example, but I recommend you
using a dedicated user as postgres is a superuser.
Database: Which database you want to access via this user and host, I left it to all, but again it is advisable to be more specific
Address: The address of the remote host
The authentication method. (md5 for md5 encrypted password). You can also set trust if you don't want any authentication at all.
For more options I refer to the postgresql documentation: https://www.postgresql.org/docs/9.3/static/auth-pg-hba-conf.html
You say you have a windows service running on the same computer and I take it that you have the code of that service under your control. In theory you can add some code in the service and get the updated binaries installed on that computer. This code can do the proxying between incoming tcp connection from internet and local postgres. From postgres point of view it will look like a localhost connection.
But,
There are some very valid reasons why only local calls are allowed and calls over network are blocked.
Your service may or may not be running with sufficient privileges to listen on a publicly open port.
If any antivirus is running on the machine, it will most certainly flag your app as suspicious and frankly, it is.
Best way to approach this is to ask the vendor nicely to grant access - or to work within the limitations.
It smells of some legal or ethical wrongdoing, but i may be wrong.
Having said that, here are the basic steps:
The service onStart registers a TcpListener on ip 0.0.0.0 and some port known to you.
On a seperate thread in a while(true) loop attempt to GetStream()
Start a TcpClient on ip localhost and postgres port
On a seperate thread in a while(true) loop attempt to GetStream()
In a while(true) loop read from listener's stream and write to client's stream. You may want to use a buffer or an array.
loop until you read a -1
This algo should work in principle.
I hope you are not hacking someone. Please dont.
You need to create a user and allow remote connection to this or an existing user.
you should be able to connecte remotly.
good luck.
I have created an SQL Server and a Client (c#) that directly queries the server. The problem is that I feel this is not secure, because every client (say 5 different clients in total) now has the connection string and i believe this is a crucial vulnerability.
What is the best way to create a back-end for an SQL Server running on my machine. This SQL Server will have to be accessible over the internet from various clients. Is the best option some C# application running with some library to interpret calls from the client?
It will be never secure if you allow your clients to CRUD without login, it is also unsecure if you pass your connection string to your client, if it is not necessary.
The better practice to implement a more secure backend application is you wrap actions into API (let's say UpdateClientInfo()), all database accesses go into the APIs and only allow your client to make use of the API. In this case your connection string will not be transferred via internet.
When the existing APIs are not suitable for your clients, kindly ask them to pull a request and implement the request, instead of providing the connection string to them.
It is also necessary to require the clients to provide user + password when they would like to access to your service.
There are many possible solutions. Exposing the database server is always a security risk. As you're obviously running on a Windows server I'd use a WCF service to handle the communication between the clients and the database.
It is also be possible to implement REST services in C#, which allows you to communication via ports 80 or (preferably) 443. That, depending on the firewall configuration, may be a good idea anyway, as it is a standard port which in most cases will be open for outgoing communication from the client side and can be enabled on the server side.
Look at existing APIs (for example for online shops, etc) to see how they group resources. This will help you design better APIs yourself.
I am new to the idea of connecting my application to an online database and by online, I mean a database from another PC that I need to access by using the internet.
I am not new to accessing a local database, in fact, I made a class that stores all the parameters that I need to connect to a database.
Can anyone help me? What do I need to configure in my SQL Server and in my codes to make it accessible through the internet? I hope someone can help me. Thanks!
In your comments (and question) you mention that you have a specific server that needs to talk to a specific server. There are a few options:
Expose the sql server directly to the internet and use the IP to
connect. THIS IS A BAD IDEA... This opens you up to hacks, port
scans, and generaly bad things.
Use a VPN from one machine to the other and use an IP address within the VPN. As long as your VPN is correctly set up and secure; this negates the security problems in option 1.
Use a web service to expose the SQL server over the internet; require authentication in the web service. You can even tie it to a remote IP so that it only accepts calls from your first machine. This is clean and tidy; it allows for expansion in the future (new machines, non SQL, other functions, etc). However it is the most complex option.
Myself I would use option 3; it may take longer but it is a good way to break apart the functionality and provides a way to expand in the future. However I suspect that option 2 may be your best bet for what you are asking.
I'm new to web development and I'm developing a web app in MVC 5 / C# where I want to access data from the SQL server from multiple devices (laptop, PC, iPad etc).
I've setup a small test website and SQL database on the Azure account and have been able to run CRUD operations from the website from a single device.
The problem I'm facing is when trying to access the data from another device. I'm constantly needing to manually add new IP address to the SQL firewall. To make matters worse my ISP has me on a dynamic IP.
Eventually I'm planning to provide a subscription service where clients can login via the website and access their data. Is there any way to allow multiple connections to an Azure SQL database without having to manually update the firewall?
Would setting up an Azure VPN an a VM running SQL server be the way to go?
Regards,
Marc
Might be worth taking a look at Windows Azure Mobile Services. Mobile Services provides a REST interface over your Windows Azure SQL Database automatically. Could be a good option, especially if looking to access the database from multiple devices.
http://www.windowsazure.com/en-us/documentation/articles/mobile-services-windows-store-dotnet-get-started-data/
In general, under NO circumstances should you ever make your database server directly accessible to the general public. There are far too many security risks associated with doing so- by exploiting vulnerabilities in the SQL capabilities, you (as a hacker) could quite easily take full control of the instance. That's one reason why you have to constantly update your firewall settings.
To solve your issue with the ISP re-assigning IP addresses, I would ask the ISP for a static number. It will probably cost you on the order of $10 per month, but worth the saved headache in my opinion. I am fortunate to have Comcast, and they do not reassign IP addresses randomly, but I know several other ISPs who do.
The generally-accepted way to make your data available is through a REST-based web service.