I have a question regarding C# Windows Forms connecting to external hosted databases.
I have a GoDaddy SQLServer 2008 database that I use for my web development database purposes. I am creating a C# windows form and I need that to connect to the database. I know how to connect a C# Windows Form to a local database, so I figured that the only difference would be to use a different connection string.
The connection string I am using is as follows:
Data Source=limeoatsdb.db.8996219.hostedresource.com; Initial Catalog=database; User ID=userid; Password=password;
I replaced the values above with dummy values, but obviously in my code they have the correct values.
First of all, is it even possible to connect a C# windows form to a GoDaddy database?
Secondly, if it is possible, any ideas on what I am doing wrong?
This is not possible. GoDaddy blocks all connections to its databases from systems it doesn't manage.
This is typical of many hosting companies. It's common that you can only use their databases from their own systems, for security reasons.
If you need access to your data, you'd need to create some form of intermediary step, such as building an API in your website which could be accessed by your form.
Beyond GoDaddy blocking ports, I should point out this is a bad idea if you plan on distributing the app.
If you allow clients to connect directly to your database, you're essentially leaving the front door wide open. There'd be nothing stopping me from connecting to your DB server with SQL Management Studio and fiddling with your data.
Think of it this way: in a web app, you'd never give client-side JavaScript direct access to your database. Instead, it has to go through your app server.
I'd create some kind of server that provides an API that the client Win Form can call. The server can even be a regular web server that provides REST/SOAP/whatever APIs. A good place to start might be looking in to WCF.
Yes, you can connect to a SQL Server database on GoDaddy servers.
It's a feature I've used to access the database through SQL Server Management Studio.
Check this: https://stackoverflow.com/questions/357147/go-daddy-sql-server-2005-remote-connection
Basically, when creating your database, make sure you check the "Direct Access" option.
Obviously, this is a security issue you must be aware of.
Related
I am tasked with creating a central Database for a small office to allow multiple computers to connect to a database using a C# program. I have already written the program and it currently connects with a database that is in the bin folder.
I am completely lost as to how to move on to creating a multi user environment. I searched all around SO and tried downloading Microsoft SQL Server, but I have no idea how I would set this up in the office and allow it to be accessed from multiple computers. Also, from the information I've gathered, Microsoft SQL Server needs to be running at all times to allow a connection -- this isn't a deal breaker, but is there any other methods that wouldn't need this? There isn't exactly a "main computer" in the office that is always running.
To run a centralized sql server database in your office you would at a minimum setup sql server on a "server". The server can be pretty simple unless you expect a heavy user load.
The server has to be on in order to allow connections.
Sql Server exists in a free version called Sql Server express, but it has limitations when it comes to scalability, so it's not meant for large systems.
You can download it and install it on your server in the office and connect to it through a connection string in your application.
You can also consider open source platforms like mySQl, but it would still require a central server.
Alternatively you can consider a hosted solution where you have a company host the database for you in their data center.
If you do not have the server computer in your office that will host the DBMS and allow others to connect to your DB using the web interface, try to use Windows Azure. This will cost you some money. Here you need to estimate what is cheaper for you: purchase a server or pay for the azure.
I was wondering what the best approach to make secure connection to SQL Server would be? Here is my scenario. At my work, we have SQL Server 2012 Standard. My boss wanted me to create a new DB utilizing TDE. I found out that you have to have Enterprise Edition in order to use TDE. We looked into it and it was going to cost a fortune, so we are not going to purchase Enterprise Edition. So I was thinking about using Stored Procedures to interact with DB. Is this more secure than submitting SQL query across web? Also, what is the best security measure to communicate and transfer data to/from web app/DB server?
Thanks in advance,
Brad
EDIT:
Also, is there anyway to securely send username/password credentials in the connection string?
Stored procedures would in a sense be more secure, since you could simply submit objects into the procedure to generate your desired result. This would mask the underlying SQL statement, so it could be considered more secure. I think most places rely on the Windows Authentication aspect of SQL in a domain environment.
It is fairly secure, more so if your site is wrapped up in SSL. Avoid standard SQL authentication, it's text based and shouldn't really be considered.
Code wise, you probably want a layer in between your DB and your website to do all the heavy lifting. This somewhat obfuscates what your website is doing since it is calling to your middle-man, and he handles all the truly transactional stuff.
Also, how are users going to be interacting with your website? Will they be required to login first, and what mechanism will control this? There are quite a few other design details to figure out before you can really consider which method will be the best balance of security and usability. I'd go for WindowsAuth/SSL and utilize a security account to perform all your transactions. It's easy to setup and AFAIK not easy to hack.
This are two different things - TDE will help you just with encrypting data on file system (so if I have access to filesystem where you have your db I won't be able to read it if you're using TDE).
Communication between application and db is different issue. There are several things you can do:
open network ports for db just to webserver (only from web server ip(s) you can access db)
use integrated authentication (no-one can sniff your password)
embed your business logic into stored procedures (you limit access to db just to function needed for scope of your web application)
However especially the stored procedures part can be pain (ORM like EF, LinqToSQL or nHibernate are just terrible when it comes to stored procedures). And also this approach doesn't guarantee that no-one will be able to see data coming from database server to web server).
If sniffing data between webserver and db server can be a problem, you have to write webservice for accessing data. This webservice should be on trusted network to db server (as close to db as it can be - same box is the best). Webserver should call this webservice over https (thus sniffing data between web server and webservice is impossible) and use authentication to access webservice (recommended is windows authentication).
I have developed a winform application in C#.net and using SQL Server 2008.
My application inserts and updates values into database.
Is it possible to install the application on a another system which doesn't have sql server on it?
Imagine using sql azure. Cloud based sql server. The database is never on the same physically computer. It's all down to the connection string.
With an on premise database you need to make sure the database allows external connections, maybe opening up firewall etc. then make sure the connection string is set correctly on the application to talk to external database.
You can even configure to change the connection string as required pointing at different databases depending on the individual requirements.
Scott
Yes, you can. You can access the DB remotely by referring remote DB server in connection string.
It is possible, if you are looking to run the application on machine that is running on the same Domain as the SQL Server and has privileges to the SQL Server.
I created a C# application that uses .mdf database and it works perfectly on my PC.
Now i wanted to install that application on network PCs that can connect to a single database and use that data.
I tried changing the connection string in application with only changing file path, but it doesn't work. How can i use one PC as server and use program as client application that can connect over network. How do i set up SQL server on that PC, and should i do that? How is this done? I couldn't find any tutorial so far...
Could someone help me a bit.
I don't think you should be doing this, this is something that I once looked into myself. I once used a standard base unit for this same purpose and although it worked fine your not really supposed to do it.
You have to ask yourself how important the application is to the business. If its critical then this would be a real bad move for a couple of reasons :-
1) What happens if base unit hosting SQL Server dies? or is switched
off. Your unstuck.
2) You will only be able to schedule backups of the
SQL Server Database on the local hard disk . If the Disk dies then you
will lose everything.
When all is said and done, for the scenario that you are presenting, a MS Access database is probably a cleaner way to go. Access databases, albeit dated, can be hosted on a shared network space and can be accessed by multiple users. ADO.NET is nt too bad and you can still use LINQ with Data Tables etc.
What your looking into doing in your description wont really be fruitful unless your hosting the SQL Server on an Actual Server, as its designed for.
Some people suggest using using SQL Compact, but that itself is designed only to run from a local machine.
Hope this Helps.
#Milan: Go to the SQL Server configuration manager and enable TCP/IP service for SQL Server. As sql server uses TCP/IP for communication.
This link will help you.
http://kristofmattei.be/2010/06/21/enabling-sql-server-2008-r2-access-over-network/
I'm going to develop a POS system for medium scale company
and the requirement for me is to make all data on time for all of their branches
while in my mind, move the server from local to web would solve this problem
but, i never done any online server for window application
may i know what is the best option for use as secure database ?
such as SQL can handle this well ?
i tried to google but all of the result return is not what i want
may i know what will you do when you facing this problem ?
my knowledge on coding is just VB and CS
also SQL for database
i would like to learn new if there is better option
i hope it is impossible to access by anonymous and it is store secure at back-end only
What you probably want to do is create a series of services exposed on the internet and accessed by your application. All database access would be mediated by these services. For security you would probably want to build them in WCF and expose them through IIS. Then your Windows application would just call these services for most of its processing.
If you design it properly you could also have it work with a local database as well so that it could work in a disconnected manner if, for example, your servers go down.
Typically you don't move the server off of the site premises.
The problem is that they will go completely down in the event your remote server is inaccessible. Things that can cause this are internet service interruption (pretty common), remote server overloaded (common enough), basically anything that can stop the traffic between the store location and your remove server will bring them to their knees. The first time this happens they'll scream. The second time and they'll want your head due to the lost sales.
Instead, leave a sql server at each location. Set up a master sql server somewhere. Then set up a VPN connection between the stores and this central office. Finally, have the store sql boxes do merge replication with the central office. Incidentally, don't use the built in replication, but an off the shelf product which specializes in replicating sql server. The built in one can be difficult to learn.
In the event their internet connection goes dark the individual stores will still be able to function. It will also remain performant as all of the desktop app traffic is purely to the local sql box.
Solving replication errors is much easier than dealing with a flaky ISP.
I would recommend you to check Viravis Platform out.
It is an application platform that also can be used just as an online database for any .NET client with the provided SDK. It has its own generic windows and web clients and some custom web solutions for some specific applications.
You may be using it as a complete solution or as a secure online database backend.