i have to develop desktop base software in C#.Net which only produces reports and that reports can be export to any format. that software will be dump into CD/DVD and distributed to all clients and they will install it in their PC (Stand Alon PC). and that will be installer, client can install it himself.
My problem is which database i should choose to build it because this software will be installed by third person. so when one install it database should be install itself, all the data should be in imported into database.
2nd i have to send them month wise data (database exported) which then they will copy/past in specific folder and system itself import it. (that given file (data file) should not be open/read other than my develop software.
is it possible if yes then HOW?
please guide me as i am new comer in VS field but i have programming experience more than 8 years in oracle and 3 months in Java.
This isn't impossible to do.
It sounds like you're wanting users applications to simply interact with a DB that you host. That shouldn't be hard, as there are ADO.net connectors for just about all the popular DBs out there.
I'd suggest simply going with MySQL, ADO.Net connector, and use datasets in your program to read and edit data.
All the client applications would just have to connect to your IP address where you're hosting the central DB and they'd instantly have access to all of that data.
If you're not very experienced in application development, it may be worth it for you or your company to contract a worker to complete this application.
Update
In regards to the update about your client requirements, it sounds like instead you should try connecting to an SQL file that is stored on the client machine. This is EXTREMELY simple to do, and MSVC# has the ADO connector preinstalled. Then, you would have to write another part of the app to perform "updates" every month. You said you need to deliver new data to the customers once a month. Just make the program (when they start it up) check the date, and if required, connect to an FTP site and just download the file to the client machine.
Update II
Ah, ok. That makes things different yet again. This is easier, though. You can make your application read a Database file directly from a CD, which you can mail to people. You should use some sort of PKI style encryption if it needs to be secure. However, due to the nature of the security requirements, I would STRONGLY suggest you contract to someone with experience with encryption, because if you implement something the wrong way, you can expose the data which would be bad :)
I would use an encrypted SQLite file.
Related
so I have a bundled software that a client can download and install (using an msi on win machines).
part of this software is a mongoDB database, that stores client info, configurations, etc..
When the software is first installed, it creates an empty folder for the mongoDB, and whenever the software starts, it starts a mongod process (using C#'s Process.Start()): mongod.exe --dbpath <path> --port <port> --quiet.
My goal is to secure the mongoDB database with a username / password that will be known only to my application.
this will help prevent tampering with my client's data from the outside, as well as make it harder (but not impossible, see below) for the client themselves to tamper with the application's data.
The general idea, I guess, is that on installation (or on startup), to create a user with read / write privileges which my software will use to communicate with the database.
So My questions are:
1. How do I programmatically do this? I guess this is the right direction, but I couldn't find much info on the c# driver docs
2. How do I deal with upgrades? i.e clients who installed a previous version of the software, where the database is not secure at all; i would like to create a user with a password in that case as well.
3. how do I store the application user's credentials in my application? in a config file? but that can be read by the client. any best practices here?
versions info- (unfortunately, because of my company's issues, we're not using the latest product versions); mongoDB 2.6, mongoDB driver for .net 1.5.0.
thanks!
P.S. I have read through the security section on the mongoDB website, but wasn't able to find a simple example for the use case I'm trying to implement.. maybe I'm just missing something simple here..
This is kind of an interesting, unusual use case.
First of all, I want to make sure you're aware of the licensing/copyright implications of bundling MongoDB with your software. You should check out the license section of the mongo project GitHub page and read up on the AGPL.
Second, the easiest part of your question:
how do I store the application user's credentials in my application? in a config file? but that can be read by the client. any best practices here?
This goes beyond MongoDB. If a user owns the system that the mongod process is running on, they could just copy the data files and set up a no-auth mongod on top of your application data. You cannot reasonably stop them from doing things like that, so do not count on your application's data to be secure from the client user. Plus, if you install your application code locally, any decently smart and committed person should be able to extract the username and password from the compiled application code. You can make it hard, but not impossible.
Third,
How do I programmatically do this?
Based on what I just said, I'm taking "this" to mean
on installation (or on startup), to create a user with read / write privileges which my software will use to communicate with the database.
not the part about having it be secure from the person who owns the computer it's installed on, because that's not possible. To do this, I'd either package a mini datafile to start the mongod on top of, one that included users set up already, or include a dump that you use something like mongorestore to load into the mongod after you start it up. The first option is way simpler to implement and should not require you to have to take down and respawn the mongod process, so try that - see if you can set up a mongod with auth how you want it and then transplant user info by copying data files. FWIW, I'm pretty sure the passwords are not stored in plain text in the data files (they are salted), so you won't have that directly exposed from the data files.
Finally,
How do I deal with upgrades?
You'll have to take down their mongod, restart it with auth, use the localhost exception to create the users you need, turn off the localhost exception (optional but why not), and then end that connection and start new ones using auth. It's the same process as in the security tutorials, you just have to do it with C# driver commands. Note that moving between MongoDB versions is also tricky as the seurity model has improved over time, so you should consult the upgrade guide for extra things to do to make sure user schema gets upgraded correctly if you are moving a user from a secure 2.6 to a secure 3.0, say.
C# driver connectionstring can accept login credentials for the database.
mongodb://username:pwd#server:port/dbname
for ex
mongodb://myuser:mypassword#mydbserver:30254/mydb
The best way is to store the data in a config file. If you are worried about exposing it, it can be encrypted and stored. Other less likely option is to store in a resource file and reference that as a string.
After much Google searching and at the risk of asking dumb questions, I could use some help. I’m developing a C# WinForms client application using ADO.NET to read/write data from a SQL Server 2012 database located on the Internet. That same application also needs to upload/download data files. The client application will only be used by a few employees (ever). The employees are all in different locations. The database is only about 20 MB. There will be about 100 data files totaling about 300 MB accessed individually on a periodic basis. SQL Server 2012 is running on a (non-virtual) Windows Server 2008 R2 machine which we have full control over. The client application will be running on Win-XP and Win-7 machines.
Priorities are 1. Internet security – keeping hackers out of the Windows Server machine and off the client/server communications. 2. Performance. 3. Simplicity. Corporate security and scalability are not issues. Also, performance is not that important if the solution is overlay complicated.
Two related questions I could really use help on:
Given the above priorities, what is the best way to communicate with the database? The only two options I’ve found are exclusively; a WCF service or directly through a VPN.
And again given the above priorities, what is the best way to upload/download data files? I’m sure there are many options for this using VPN, WCF, FTP; but I don’t know any specifics. Also, using a SQL Server 2012 FileTable looks promising but I’m not sure how that works over the web. Backup/restore plus being able to do a full-text search over the data would be nice features but not requirements.
I know what a VPN is but have never used one for these purposes. I know there are some security issues with PPTP, but we won’t be upgrading the XP machines for a while. I know what a WCF service is but have never written one. I also don’t know if SOAP or REST is better in this instance. I’ve built a FileTable in SQL Server, but I don’t know how to access the data remotely. I have decent knowledge of C#, ADO.NET, and SQL Server.
I realize these are big questions with subjective answers. Still, any ideas or a shove in the right direction would be greatly appreciated.
Keep it simple and use standard mechanisms. My recommendation is as follows:
Build a WCF service that is capable of performing the operations you want. You can build a SOAP or RESTful service. My general guidance here is to build a RESTful service because you're transferring files and this is much more integrated with REST. With SOAP you have some setting you're going to need to fiddle with to transfer large files.
Use SSL to secure the service, keep it simple. A VPN is an added layer of complexity and very likely not needed in this scenario. Further, it will only make the experience for the users less friendly.
I would not recommend using the FileTable in SQL Server 2012 for your needs. You own the server so when you send and receive files it will be much more straight forward to deal with the file system.
You can also build a simple forms authentication process that creates a session key for the user and passes it back. I'm not sure this is necessary, but if you need that extra layer, just make that one of the operations. Then that session key can then be passed into each method and validated before performing the operation. This will be safe because you're using SSL.
Here is a tutorial that will help walk you through building a RESTful WCF service, and it's fairly new.
My recommendation would be to deploy a VPN server to provide the security you are looking for. There are a number of good VPN servers available, and a Google search should provide a number of options at varying price points.
Once you have deployed the VPN server (and clients to all computers not on your local network that you would like to be able to access the database), you can use ADO.NET to access the database. ADO.NET will work seamlessly behind the VPN.
From the context of your question I am assuming that the files are stored in a file system outside of the database, and the database merely references the files. If this is the case, you could use any number of options for downloading the files, but FTP is a time-tested, easy-to-implement solution. There are others that may or may not work better in your situation (see here for a few options).
Is it necessary that the computer at which a c#.net program is to be run should be connected to the developing machine to deploy that program as this program uses oracle database to save user's data items
if yes : then plz explain minimum footprint to install oracle database at each target machine
if no : then how could the target will create and access the oracle database through these 5-7 dll files.
any response will be highly appreciable as I am very uncomfortable being in this confusioin. Thanx all....
I think you're mixing two different things. Application deployment vs. IT Requirements. For your app deployment NO, you don't need to be connected with your clients, use instead something like ClickOnce. Now, for your IT Requirements, well, if your client needs to have Oracle then they need to provide the DB.
Are they willing to pay each for a license? If not, why don't you use a Cloud DB Service? Or something light like Oracle Express (which is, free).
I'm hoping someone can help me. I recently started the development of a windows form application connecting to a remote sql server database. I was happy enough developing it until a potential client queried if they would be able to buy the whole application but they do not want the application connecting to the db via the internet.
I predominantly develop websites using php/mysql but migrated to c# for this particular project. I'm familiar with sql but not sure what database I should be using if the client wishes to have the whole application on their own computer. I've considered providing the database install as a pre-requisite when publishing the app (although I'm currently not sure how to do that) but I'm having reservations whether that is suitable or could lead to more problems. I want to create an application that can install to a single computer and has little to no need for administration. Could someone advise the best way to approach the data storage in this instance.
Because you have already a SqlServer database operating on your remote site, the best path should be to use the LocalDB version of SqlServer Express 2012. See this link about deployment.
If you don't use stored procedures, views and triggers then also the SQL CE could be an option, but you will not have file binary compatibility and you should work on importing your schema and data.
SQL CE is a compact light weight way of going..
http://blogs.msdn.com/b/sqlservercompact/archive/2011/01/12/microsoft-sql-server-compact-4-0-is-available-for-download.aspx
I've designed a C# game that makes use of an Access .mdb database file to store variables.
The basic idea is that one of the players will 'host' a game, and the other player will join said game, by connecting to the database, reading and writing items into the database. The database is needed to pass variables to and fro the host and client, and both programs check the database regularly for new messages / variables (yes, yes, I couldn't get TCP/IP Remoting to work).
Now, there, the program works fine (mostly the client, since the host modifies only its local database), for as long as the client can find the database file. Currently, the connection string for the client is located in a .ini file, and for the program to work, it (or at least, the server) must be located in the Shared Documents of an XP machine, or the Public Documents of a Vista / 7 machine.
But then some questions occurred to me:
What if the client user places / installs it into another folder in the Shared / Public Documents? I suppose there's a code out there that could 'drill' into the Shared Documents folders to find the path for the database, share names included... is there?
What about installation? The installer default is always "C:\Program Files\GameName". Could it be set (or locked) to a specific folder into the Shared / Public Documents, by default? And is it even recommended to install it into a Shared Folder, what with problems such as Accidental Deletion?
Say, the default is "C:\Program Files\GameName". I could see that a set installation path will solve any connection issues, since every client will look in the same path of the other computer, and it won't matter if it's XP or Vista. Could "C:\Program Files\GameName" be accessible by a C# program over LAN, without any system modification? Are there any security (UAC?) issues?
P.S. Details that people may find in handy:
I'm using Visual Studio 2005. So is my School.
I'm running .NET framework 2.0. So is my school, and unfortunately, I can't change that.
I hate to tell you this, but this is why the approach is fundamentally flawed. What are you going to do when:
File and print sharing on the server is disabled?
The network client is disabled on a client computer?
The server is configured to only allow authenticated users, and the client doesn't have access?
File and print sharing is blocked because of the firewall?
File and print sharing is completely borked for other who-knows-why reasons?
You need administrator access on the server to share a folder, but the current user is not an administrator?
The Access database engine isn't installed correctly on the server or client?
One of the clients corrupts the database? (This is easier than you might think; all it takes is a network glitch where a client temporarily or permanently disconnects from the server).
These are fundamental issues that you can't resolve with the current solution.
Get it working over normal TCP/UDP ports. You'll have a much easier time. There are libraries to facilitate that, see C# Game Network Library - for example it sounds like Microsoft's XNA SDK has functions for networking in a game. If you use a standard method / standard library to implement networking, your odds of success are much higher. Using a client/server architecture means that the server's state won't be corrupted if a client goofs up.
I realize that this probably involves a significant rewrite. Frankly, I don't think you have a choice if you want this game to be commercially successful on a wide customer base without high support costs, and move beyond being a mere experiment.
Get rid of the access database. The described architecture is already 'user unfriendly'
Use either SQL Express or SQL CE which requires no installed database binaries (they can all be included in the applications folder). This way the db will stay in the applications folder (ideally app_Data) and .Net has included support for databases in this folder.
Please stay away from access you will save yourself a lot of trouble.
http://blogs.msdn.com/b/sqlservercompact/archive/2011/01/12/microsoft-sql-server-compact-4-0-is-available-for-download.aspx
I think that there is little point in using Access unless you wanted to use any of the pretty form-based IO that you can you do with its designer. And I doubt that'll be the case here.
I would encourage you to replace all your file IO with a sound data access layer.
Which will rid you of all the "sharing" issues that you are experiencing, file locks, the overcomplicated installation process, etc.
Alternatively to SQL Server Express as suggested above you could also use SQLite http://code.google.com/p/csharp-sqlite/