Windows application using MySQL from a webserver - c#

My boss wants me to create a desktop application with a database that is accessible via the Internet. The database is used to store information taken from a TCP server, but that is not my question.
So far in my research, I found shared web hosting, VPS, dedicated hosting and Amazon RDS to be possible choices. The only interest I have is the MySQL Server included in the given package.
I think for a simple application a regular shared web hosting is enough, merely because the database consists of 10 tables and records won't likely exceed more than a thousand records.
But my question is, is it possible to directly connect a C# application to a MySQL instance from a web server? And if it is, is it secure? It will be storing vital information such as credit card numbers and member information, and needs to be up all the time.

You can easily connect to a MySQL database from any computer as long as your firewall does not block port 3306 on the database server. However, I strongly discourage you from doing so, since you lose control over the clients.
Each client needs to store the database connection somewhere (or fetch it from some kind of server).
You need to be able to update the MySQL connector on all clients.
You get very little control over the data access.
Instead I would introduce some kind of data access layer that the clients would use. You could for instance use WCF Data Services or build your own very simple data layer (let the clients send SQL queries and return the proper result) using WCF.
Both of those options let you use any technology behind them (you can even switch database server without the clients noticing).

Related

How to use Entity Framework/C# and SQL Server over the internet securely

I am currently developing a C#/WPF/MVVM/EF6 application that allows multiple users in different physical locations to send and receive SMS messages to mobile phones using a third party API.
The database stores all messages, sent and received, and is either updated directly by the user (sending a message) or by an ASP.NET web hook (receiving a message). Users are using SQL authentication and dynamically created connection strings to connect to the database (i.e. pass in a connection string whenever a new DbContext is created). EF is used to query against and display the data.
I'm now encountering what I believe may be a fundamental security issue with my design. The users all need direct access to the SQL database to use Entity Framework methods. After some research, it appears to be very risky to simply expose the SQL Server to the internet. Most suggestions have been to use a VPN or IP White Listing, but unfortunately, neither of those are options. We will have the SQL Server hosted by a third party that will not provide a VPN, and the users will be in different locations frequently so their IPs will not be static.
Are there any additional options to maintain direct SQL Server access with additional security? The only option I am able to think of is to completely change the architecture by creating an API for the application to query against and refactor the code to pull data using the API instead of Entity Framework. Any input would be highly appreciated.
You could create an API that accesses the database directly. The API will be exposed over the internet, and you will only define the methods you want to perform on the database (e.g. CRUD operations).
The WPF application will no longer be communicating directly with the database; it will be communicating with the API instead. The API is the one that holds the connection string and is the only one that will have direct access to the DB. That way you're not exposing your entire database over the internet.
You could also add authentication, so that only logged-in users could get/insert/modify data from the database, and you could also add authorization for handling user permissions.
Now you should refactor your application to work with the API. Although if you used something like Repository Pattern it will only require a few changes in the repository itself to work properly.
Now your application design has another layer of abstraction, which is the API:
WPF application → API → Database
The way I consume APIs in my applications is using the HttpWebRequest class. However there are other ways to handle that and this article explains it really well: A Few Great Ways to Consume RESTful API in C#
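The API gate this answer describes (and the data access layer recommended in the first answer on this page), as an added example that is not code from either answer: the server authenticates a signed token, authorizes by role, and only then touches the data. It assumes .NET 6 or later; `MessageApi`, the token format and the in-memory list standing in for the database are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

var api = new MessageApi(RandomNumberGenerator.GetBytes(32));   // demo with constructed values
string token = api.IssueToken("alice", "sender", DateTimeOffset.UtcNow.AddMinutes(15));
api.SendMessage(token, "hello");          // the client holds a token, never a connection string
Console.WriteLine(api.GetMyMessages(token).Count);

// Hypothetical names throughout; _rows is a constructed stand-in for the database only the API can reach.
public sealed class MessageApi
{
    private readonly byte[] _key;   // signing key; stays on the server like the connection string
    private readonly List<(string User, string Body)> _rows = new();
    public MessageApi(byte[] key) => _key = key;
    // Assumed token format: user|role|expiryUnixSeconds|base64(HMAC-SHA256 of the first three fields)
    public string IssueToken(string user, string role, DateTimeOffset expires)
    {
        if (user.Contains('|') || role.Contains('|')) throw new ArgumentException("'|' not allowed");
        string payload = $"{user}|{role}|{expires.ToUnixTimeSeconds()}";
        return payload + "|" + Convert.ToBase64String(Sign(payload));
    }
    // The user id comes from the verified token, not from client input.
    public IReadOnlyList<string> GetMyMessages(string token)
    {
        string user = Authenticate(token).User;
        return _rows.FindAll(r => r.User == user).ConvertAll(r => r.Body);
    }
    public void SendMessage(string token, string body)
    {
        var (user, role) = Authenticate(token);
        if (role != "sender") throw new UnauthorizedAccessException("role may not send");
        if (string.IsNullOrWhiteSpace(body) || body.Length > 160) throw new ArgumentException("invalid body");
        _rows.Add((user, body));
    }
    private (string User, string Role) Authenticate(string token)
    {
        string[] p = (token ?? "").Split('|');
        byte[] mac = new byte[32];
        if (p.Length != 4 || !long.TryParse(p[2], out long exp) ||
            !Convert.TryFromBase64String(p[3], mac, out int n) || n != 32 ||
            !CryptographicOperations.FixedTimeEquals(mac, Sign($"{p[0]}|{p[1]}|{p[2]}")) ||
            DateTimeOffset.UtcNow.ToUnixTimeSeconds() >= exp)
            throw new UnauthorizedAccessException("invalid or expired token");
        return (p[0], p[1]);
    }
    private byte[] Sign(string payload) => HMACSHA256.HashData(_key, Encoding.UTF8.GetBytes(payload));
}
```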
I agree with you about creating an API that acts like a database adapter, for 2 reasons.
Letting all clients store a connection string is too risky, and difficult in case you want to scale your project, especially for a Windows application like WPF in your case. So having an adapter gains you the capability to update and maintain seamlessly.
If clients contact the database directly without an IP whitelist, you are exposing the database to the public.
An idea that I could imagine is creating a WebAPI and letting it dynamically create a SQL user for each client with limited permissions. Then periodically revoke the SQL user after a given time (maybe with a WebJob). So the client won't have a long-lived connection string. And you will need only a single endpoint.
What the client has to do is ask the WebAPI for a temporary connection string. With this solution you will at least have a chance to validate the client's credentials, role, IP, version number, etc. before giving them a connection string whenever their connection string has been revoked. It still requires an API. But the client will communicate with the database directly, with better security in my opinion.
NOTE: Since you are letting clients play with the database, make sure the client is always the latest version. I think you can check when the client asks for a connection string.
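The short-lived SQL user scheme described in this answer, as an added example that is not the answerer's code: the API creates a limited account, hands it out, and a periodic sweep drops it after expiry. It assumes .NET 6 or later and a database that supports contained users (`CREATE USER ... WITH PASSWORD`); `TempCredentialIssuer`, the `execute` delegate and the `dbo.Messages` table are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Demo: statements are collected instead of executed (they contain the generated password).
var sent = new List<string>();
var issuer = new TempCredentialIssuer(sent.Add, TimeSpan.FromMinutes(30));
var (login, _) = issuer.Issue(DateTimeOffset.UtcNow);
int dropped = issuer.Sweep(DateTimeOffset.UtcNow.AddHours(1));
Console.WriteLine($"{login}: {sent.Count} statements sent, {dropped} account dropped");

// TempCredentialIssuer, dbo.Messages and the execute delegate are assumptions of this added illustration.
public sealed class TempCredentialIssuer
{
    private readonly Action<string> _execute;      // runs T-SQL on the API's own privileged connection
    private readonly TimeSpan _lifetime;
    private readonly Dictionary<string, DateTimeOffset> _expiry = new();

    public TempCredentialIssuer(Action<string> execute, TimeSpan lifetime)
    {
        _execute = execute;
        _lifetime = lifetime;
    }

    // Call only after the API has validated the client's credentials, role and version.
    public (string User, string Password) Issue(DateTimeOffset now)
    {
        // CREATE USER cannot take parameters, so the name and password are generated here as hex
        // from random bytes: no client-supplied text ever reaches the statement.
        string user = "tmp_" + Convert.ToHexString(RandomNumberGenerator.GetBytes(8));
        // The "Aa1!" prefix is an assumption to satisfy a typical password complexity policy.
        string password = "Aa1!" + Convert.ToHexString(RandomNumberGenerator.GetBytes(24));
        _execute($"CREATE USER [{user}] WITH PASSWORD = '{password}';");
        _execute($"GRANT SELECT, INSERT ON dbo.Messages TO [{user}];");   // limited permissions only
        _expiry[user] = now + _lifetime;
        return (user, password);
    }

    // Run periodically (the answer suggests a WebJob): drops every account past its expiry.
    public int Sweep(DateTimeOffset now)
    {
        int dropped = 0;
        foreach (var (user, expires) in new Dictionary<string, DateTimeOffset>(_expiry))
        {
            if (expires > now) continue;
            _execute($"DROP USER [{user}];");
            _expiry.Remove(user);
            dropped++;
        }
        return dropped;
    }
}
```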

Allowing multiple IP address connections to Windows Azure SQL Server

I'm new to web development and I'm developing a web app in MVC 5 / C# where I want to access data from the SQL server from multiple devices (laptop, PC, iPad etc).
I've setup a small test website and SQL database on the Azure account and have been able to run CRUD operations from the website from a single device.
The problem I'm facing is when trying to access the data from another device. I'm constantly needing to manually add new IP address to the SQL firewall. To make matters worse my ISP has me on a dynamic IP.
Eventually I'm planning to provide a subscription service where clients can login via the website and access their data. Is there any way to allow multiple connections to an Azure SQL database without having to manually update the firewall?
Would setting up an Azure VPN and a VM running SQL Server be the way to go?
Regards,
Marc
Might be worth taking a look at Windows Azure Mobile Services. Mobile Services provides a REST interface over your Windows Azure SQL Database automatically. Could be a good option, especially if looking to access the database from multiple devices.
http://www.windowsazure.com/en-us/documentation/articles/mobile-services-windows-store-dotnet-get-started-data/
In general, under NO circumstances should you ever make your database server directly accessible to the general public. There are far too many security risks associated with doing so- by exploiting vulnerabilities in the SQL capabilities, you (as a hacker) could quite easily take full control of the instance. That's one reason why you have to constantly update your firewall settings.
To solve your issue with the ISP re-assigning IP addresses, I would ask the ISP for a static number. It will probably cost you on the order of $10 per month, but worth the saved headache in my opinion. I am fortunate to have Comcast, and they do not reassign IP addresses randomly, but I know several other ISPs who do.
The generally-accepted way to make your data available is through a REST-based web service.

Make connection and retrieve data from SQL Server 2008 Using SilverLight

I'm a newbie in the Silverlight world. I read a number of articles on establishing a connection with SQL Server using Silverlight but, sorry to say, none gave me concrete results. I want to first make a connection with a SQL Server database and then simply load data in a combo box. Can anyone give a sound step-wise example of making a connection with a Silverlight project? I found the WCF service, which is quite helpful for establishing a connection, but I find it difficult to map this service. Please also suggest any other web service with WCF, thanks.
When you look at the Silverlight architecture, you'll see that the ".NET for Silverlight" runtime doesn't include any classes to directly access databases:
http://msdn.microsoft.com/en-us/library/bb404713%28v=vs.95%29.aspx
It contains service client classes, however - so you can use WCF (and WCF RIA Services) to fetch data from a remote server.
That approach makes a lot of sense, too - your Silverlight app will after all run on the client PC, typically in a browser - and you don't really want hundreds or thousands of client PCs anywhere over the planet to have direct access to your SQL Server database. Channelling these data requests through services makes a lot of sense in that way.
This is in contrast to ASP.NET where your code typically runs on the backend server infrastructure, so it's a lot "closer" to your database servers and can make direct calls to SQL Server - it then just returns HTML to the caller (the client's PC and browser).
I found this article here very informative and enlightening:
Getting started with Silverlight - part 3 - accessing data

Remote database connectivity in C#

I have a Windows tablet application which stores some data from the users. Now I need to send this data to a server via the Internet. What options are there for me to try? I think syncing the server and client database won't do good since multiple tablets are getting connected to the server.
I think syncing the server and client database won't do good since multiple tablets are getting connected to the server.
Why do you think that? How do you think web servers work? Databases can easily handle multiple connections.
You can either directly connect to the db server, if it supports remote connections, or you can create a webservice and communicate with db via that. Either way, be sure to set the permissions right, otherwise you might have a serious security problem.
// edit to address concerns in the comments
If you want to use a direct connection, you connect to a database exactly the same way as if it was on the same machine. How do you connect to that CE db? You just need to alter the connection string, but everything else stays the same.
If you want to use a webservice for parsing and communicating with the database, things get a bit more complicated, but it's still fairly simple. Search Google (or SO) for how to use a webservice and how to create one. There are plenty of examples and tutorials out there. It's impossible to cover it all in here I'm afraid.

How to reduce remote SQL Server loads?

I want to create an application in C# with client and server sides. It will work over a local network. Client sides must check for updates on a remote SQL Server. Let's say we've set the update time interval to 2 seconds. If I have 20 client side applications, then they'll send a query to the remote SQL Server every 2 sec and it will load the server quite a lot. Now I want to know: is there any way to reduce server load, or is it the only way to check for updates?
From my point of view, there is no need to allow clients to connect to the DB server directly. There should be one more tier here which will only connect to the server and cache information about the updates. Your clients should connect to this additional tier and work with the cached info.
UPDATE
As far as I understand, the problem appears because all your clients ping your DB server every two seconds. The solution to this problem is to create a special module which will only have access to the DB server and asks it for the update. For example, every two seconds. If the update is ready, it should be able to fetch it from the DB and store. This is what I meant under the additional tier.
Now, let's return to your clients. They should be able to communicate with this module and get information from it about a ready update (this information is cached and thus it is really fast to obtain it. Also you needn't ping the server at every client request). If update is ready, fetch it to the client side and work on client side.
As for the communication between this additional tier and clients. Since you are working with .NET, I would suggest that you take a look at WCF which, from my point of view, is becoming a standard approach to implementing between-process communication in .NET. There is a lot of information on the net about it; I will post the links shortly.
Here is my favorite WCF book:
Programming WCF Services
MSDN entry:
Windows Communication Foundation
