I'm trying to write a program that connects to SQL Server at work, which I have done and works perfectly. However, this program only works on the desktop at my workplace because it is connected to the SQL Server that I wanted it connect local. This means if I were to work on this program at home, I won't be able to do anything as it can't connect to it.
What I've found out is that the server uses windows auth to authenticate the users who connects to SQL Server. From what I found out is that windows authentication on SQL Server gets the credentials for the security. So I was wondering is there a way where I can get the credentials using Java, then pass that to SQL Server using JDBC to login to the database?? Or is this not really realistic to do? If so, is there any way around this?
Thanks
When you install MS SQL Server you are asked about the type of authentication that you want.
I personally cannot think of a Scenario where pure "Windows Authentication" makes sense. I always choose "Mixed Mode" as with pure Windows Authentication to much can go wrong. (Server-Admin gets fired, Company merges with another AD-Domain, spontaneous SID-corruptions etc...)
That said, you'll Need to Change Authentication Mode to Mixed Mode.
Related
I have a central SQL server which can be INSERTED INTO and SELECTED from via PHP. However I have built a Java application which I hope to be able to Insert and select stuff in the SQL table with that I have hosted on a web server.
How would I go about doing this? I don't really want to have the root password with JDBC in the source code as even if it is obfuscating it can easily be deobfuscated and then the user has direct access to the database.
Someone said to me that I should use an API but I don't see how I will be able to interact with the database by doing this.
If you already have a PHP application running server side that handles database interaction; I recommend letting that handle if for you.
Write an API in PHP that handles all of the database interactions and send requests to that API from your java application. (I'd probably have the users create an authorization token to pass along to the API as well so you can track who is using your API and limit access).
Your application can then send HTTP(s) POST/GET/etc requests to your PHP that will then handle the database interactions and return the results. Your database username and password will be kept on your server and your application will not need to know them.
If you don't want to rely on a backend service and want your client application to interact directly with the database... You'll probably have to include a username and password in the code. BUT I'd create a separate user in the database with limited accessibility that could be removed anytime you suspect abuse.
Description:
Greetings, I have a Google App Engine standard web service deployed from Eclipse Oxygen that consists of a servlet connecting to a MySQL database with the same project id in the Google Cloud using hibernate. It is a simple event managing website where you (as an invitee) enter your email and a given code (don't worry about security at least here, please) and you confirm or cancel your assistance to a given event.
Error:
The error is the following, at localhost, the tested project will perform correctly on every connection and transference of data. But as soon as I deploy it, when I test it from the user side, on the first try (wether you confirm, cancel or enter invalid data) it will fail to connect to the database. If you redo the operation, it will work.
Information to take into account:
I did not use the JDBC GoogleDriver (as I couldn't find a way to make it work [ClassNotFoundException...]). I use "com.mysql.jdbc.Driver".
The database allows the IP 0.0.0.0/0 (everyone) to connect to it (I know, security issues).
The servlet access the database with root + password (more security issues...).
When the user confirms/cancels the servlet will ask the Business class instance to retrieve the user data to check if it pairs it's invitation code.
Notice:
I have no idea how is this happening. Please, ask me for the details you need, and I will edit this question with them, because I don't know where to start. I'm pretty sure this first-try-only pattern must be easily identifiable to anyone who had experienced this. Thank you very much.
When thing is running correctly on localhost then obviously Google Cloud has specific issue. Google Cloud's 0.0.0.0/0 is not really "whole earth". You have to add subnet from which you'll connect. That much I know.
Better you can test on some PaaS like Bluemix. Bluemix has own big Q&A - developer.ibm.com/answers/ plus StackOverflow.
Of course you can use VPS as other option than PaaS. Essentially you need to run an application NOT fight with some platform.
Sorry for the long explanation here but here goes:
As a personal project, I've toyed with making a server management tool for game server hosts.
All of the server hosts use MySQL servers and they're all separate servers.
So:
Is there a java IDE or java library I can use for creating a java desktop app that can communicate with MySQL databases?
More specifically: I need to have clients use a login form to specify the IP address, port, username and password. When they hit connect, the java application sends the login information to the server specified, authenticates and connects.
Then the user can execute T-SQL by simply clicking buttons on a form.
I'm looking for something similar to what I've recently achieved in C# with the MySQL connector for .NET.
But I can't find anything anywhere on something like this, is it just impossible or am I being an idiot? haha. Cheers guys.
To achieve login functionality providing you are going to use swing, use JXloginPane it contains all what you described out of the box. Regarding db, you can use JdbcTemplate
I have a Java application that sends user score to the mysql table. When the user is done, Java app accesses the .php file on server and the .php server performs a query on the database (inserting score).
I am concerned about the (in)security of this method. I mean, if someone finds out the direct url to the .php on a server, they can produce a lot of mess in the dabase. Can you advise how I could prevent the .php from executing the query other than accessed by the Java app?
edit: The problem is that Java application is NOT run on the server, it's run on the user computer using Java Web Launcher platform. So it's not an applet...
The problem is conceptual. You should never be sure that users can't find out the real address (security by obscurity). You could use SSL, still this is no means against a good guess.
Since the Java program is run on the client side, a .htaccess restricting access to a certain IP is also not an option.
My suggestion is to create a separate user in mysql, grant this user access only to necessary tables and perform the database queries on behalf of this user directly in Java. This way all data is encrypted (see http://dev.mysql.com/doc/refman/5.5/en/ssl-connections.html) and no URL/access point is exposed. Of course it means your MySQL server must be reachable from outside which poses a risk, too. You should have a good root password!
i am writing an application in java and i want to enable it to access a mysql remote server.
my problem is that if the application have the user name and password someone can take them and use my db with a different software.
is there a way of preventing it ?
UPDATE
i found this workaround for connecting to a remote MySQL database from an android device.
you put a service in the middle. like a php page that code the data in JSON format which the android app gets via http.
here is the example i found :
Connecting to MySQL database
Having the username and password is designed specifically to grant access to the database. That's the whole point.
You could go to some extra lengths like restricting database connectivity to specific hosts, so at least your paying customers get access to the database and no else can access it, but your customers might choose to use different software to access the database. There's no way around it except licensing terms.
What you could do is run an intermediary program on your own hardware that connects to the database and restrict access to the database to software that is under your direct administrative control. Your program would validate all requests from software under control of your customers and allow the queries that you want to allow and refuse (and log) the queries you do not have to allow. (You do not need to send raw SQL data back and forth -- you can do any amount of processing on the data and queries.)
You can setup JDBC Data Source on your application server. Here you can see example for Oracle Glassfish.
So, your credential won't be used in your code/resources.
If you are saying that you have an application trying to access a MySQL remotely (not in the same box), then i think you need not worry, as the connection that will be established by your application codes will not expose the username and password when it is trying to authenticate and authorize itself to the MySQL server.
You can limit the access to the MySQL-server so that only certain IP-addresses or IP-ranges have access to it.
As a side note, make sure that the user you use in your application only has the needed permissions to the database. For example, the user might not need to be able to create or delete tables. You can even specify permissions for the user on table and column level.