-
Mar 8th, 2011, 03:41 PM
#1
How to connect to a database on the internet
People often ask how to connect to a database that is on a website from a program, but connecting directly to a web based database isn't a particularly wise move.
The reasons not to do it
The main reasons against doing it are security based, because people with malicious intentions will be able to connect to the database too, by simply intercepting the details that your program uses to connect to it (even if your program is not on their computer), and/or by scanning your executable etc.
For many database systems it is also possible to connect without knowing the connection details in advance, and without much effort either (just "standard" hacking tools, which can try every web site automatically), especially if the latest software updates have not been installed.
If a person with malicious intentions gets in to your database, they can not only read/edit/delete your data (which can be extremely bad if you have sensitive data, such as customer details), but they can change the security so that you (and your program) can't ever get in to the database again, and can do even more extreme things too (such as taking over the entire web site).
The reason you probably haven't got a choice
Most web hosts are aware of the issues and therefore do not allow remote database connections at all, or at least not without significant extra payment (usually to pay for your own dedicated server etc, so that any damage caused by your choices doesn't break other peoples sites).
File-based databases do not support it
File-based database systems (such as .mdb and .accdb files, etc) are not designed to be used in remote systems (because they are really only meant to be used on the local PC by a single user), and this is several steps too far away from that for them to be able to cope with it.
With file-based databases the work is done by the client computers rather than the server computer, which means they need read and write access to the file and the folder it is in - which is very hard to do for a web based situation (especially with http, and ftp isn't much better for other reasons).
There are ways around it, but they require admin rights of the web server (not just your site), they are unreliable, and they are incredibly hard to get working properly (as a general rule the kind of people who have the skill level to help don't have the knowledge, because they wouldn't have attempted it in the first place).
Server-based database systems (such as MySQL/SQL Server/Oracle) do not have this particular problem, but due to the reasons given earlier they still aren't a good option.
A better alternative: web services
Rather than connecting directly to the database, you can avoid most of the issues by using a web service.
A web service is basically a mini program (usually ASP or PHP based) that runs on the server, and it would act as an intermediary between your program and the database - you only connect to the service, and it connects to the database to do the work (and because the database is local to the service, it doesn't matter which kind of database you use).
What functionality the web service should provide depends on what features you are after, but if you are checking whether a user is licensed for your software then your program should call a method (perhaps called "ValidateUser") which accepts the necessary parameters (such as UserName etc), and returns a value that your program can check.
Due to the wide variety of languages you can use for the web service (which may be forced on you by what the host supports) and for your main program, I do not have examples of how to write/use web services for all of the different options - that would take far too much space!
If you are using .Net then these tutorials are likely to be helpful:
For any other languages, what I recommend you do is Search for "web service" in the forum(s) relevant to the language you are planning to write it in, as there are likely to be several examples.
Still want to connect directly to the database?
If so then part of me questions your sanity, but the choice and/or circumstances are yours.
The first thing you need to do is enable remote connections. If your site is hosted by somebody, they will need to do it. If you do the hosting yourself, see the documentation for the database system you are using (it is likely to tell you ports that you need to open on your firewall, and other settings).
When remote connections are enabled, you can connect in the same way that you would with a local database - just change the server name etc in the connection string to whatever the details are in your particular case.
After all of that you will be able to use the database in your program, but will have other issues to contend with (such as the extra distance meaning that you get timeout errors), so are likely to need to be very careful about the complexity and/or quantity of work you do.
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|