I made a java program in which users would be automatically inserted/selected lines into/from one mysql database, but could not modify any existing lines, tables, db, or privilages. I got myself a website and hosted it in 1and1.com, but sadly I found out that its a pain(impossible) to have multiple users for one database and to remotly connect to a database.
I was wondering what are my options here?
I suppose the first one would be to get another host that allows me to do this.
The only other option I can think of is that somehow I manage to send from java the information to my website, and then the website to connect to the database. (not an expert in php, html, or what ever i ahve to do (be by embbedding a browser on my GUI or by doing it under the hood).
This is my first attempt to create a program that connects to an online database, so please be nice.
Note: program worked in localhost.
1&1 support useless.
Almost all (web)applications that use a database, connect to the database with one database user for the whole application. Having a different database user for each user of the application is an uncommon design.
So, you should configure one database user, which the application uses to read from or write to the database; this database user is independent of the users of your application and is shared by all users of your application. There should not be a one-to-one mapping from application users to database users.
There are different reasons for this. One of them is scalability. Most databases cannot handle thousands of connections at the same time. If you have a web app that allows thousands of concurrent users, you don't want to have a database connection with a unique username for each of those users. Instead you want to use a connection pool with a limited number of database connections; the connections in the pool are reused whenever one of the web app users needs to perform an action that accesses the database.
Related
I'm very new at programming. I want to make an app where,
1. User1 will make an order (log in as user_profile_1)
2. User2 will work with that order (log in as user_profile_2)
One user shouldn't have access to other's data.
Will SQLite allow me to do that? Seems, database must not run on user's device. And database will always get new records, so we need to update it all the time.
For this case, you have to create a server to store data, I think you should do these things:
Use PHP, NodeJS or some languages server like this to create APIs.
Use a MySQL database or some other database to store data on your server.
Then, different users can log in on their device and you will call your APIs to show what you want.
If you use a SQLite database, the db will be local in the device. The records in the database do not share with other devices.
If you want to access the database from different devices the database will need to exist in a remote server.
You can do differents things:
You can use a database MySql in a remote server with allowed remote access.
You can create a rest api in a LAMP server. You can do this for example with PHP and MySql. You create a GET/POST web page, them pass the data, and the php save the information in the database. You can get the information from the database in the same way, but you should ask to the db in a periodicly time
I'm developing a game in Java and I need need store and get data from mysql database.
Currently I have login credentials saved in my Java app source codes and I'm using some library for the communication. But I think that this is a really unsecured way cause of credentials saved in the Java file.
I was wondering what if I do it through some server side PHP scripts which would just get some information and do what is necessary. But again somebody can get that link and do some evil.
I also thought about creating a new database and mysql user for each user registered. So there would be central database where would be just informations for game and it would be read only. So no security problems. And user informations would be saved in his own database and only he would have login for it. But I see one problem, what if I'll need get some information from another user?
So I was wondering what is the best way to keep it simple and secured?
Define a set of services (RESTful will be good) in server side (through PHP or Java or another programming language) that communicates with the datasource (MySQL or another). Then, from your client, consume these services. Now, you can assure the client and server points for communication like authentication and authorization to consume the services, you can use OAuth for this.
also thought about creating a new database and mysql user for each user registered. So there would be central database where would be just informations for game and it would be read only. So no security problems. And user informations would be saved in his own database and only he would have login for it
This is a no go. Since it's a game, you will have to maintain a single database per user. It's highly costly and you will have more problems than just retrieving the data from another user.
I am trying to develop a desktop application to be run on local network. It has two UI. One for users to log in complaints and another one to process the complaints. Both of them are connected to a single database. Now i want to know weather i should use the JavaDB in embedded mode or network server mode to implement this and what is the difference between the two approaches.
In embedded mode the database code runs in the same process as the embedding application. The database files are locked, no other process can access the database files. This is the right choice if you have only one application with one user per database. The advantage over network mode is that there is no network traffic to access the database.
In network mode the database code runs in its own process (the database server). Client applications can access the database over the network. Several client applications can access the database at the same time. So this should be the right choice for you, because you have two different client applications accessing the database at the same time.
I am developing an Android application where users will see lists of Groups and join 1-* Groups. Within the Groups will be members and users can message each other within the group they have joined. Sending messages 1 person to many and reply all.
I want this to support multiple devices. So, if i join a group and someone sends me a message, i want to see that message on my phone and tablet. If both have the app installed.
I want the user to be able to see group details while offline.
I have been doing some research and drawing diagrams on how this could work.
What are my options for how to set this up with a remote database?
Here are a couple of the options that i have finally narrowed down to.
Have the remote DB store everything. Have a local DB on the device that reflects the remote DB. Have the remote DB contain a version number. At some point, either scheduled or triggered, the app compares the version numbers in the local and remote and if the local is out of date it will update to the current remote DB.
Have the remote DB store everything. Have a local DB on the device that reflects everything in the remote DB except the messaging system. This would behave similar to #1. Except the tables and stuff that are related to the messaging system would "somehow, gcm maybe" send a message to all devices associated with the user that a message relating to the user has changed and the app will then update to the most recent version of the remote messaging tables in the remote database. Then their local database contains the new data and their "message box" would be updated.
What would be the best way to do this? How is this done currently in most systems? Are there more options then what i listed?
Remote DB: MySql
Local DB: sqlite
I am aware of some similar questions here on SO, but i am wanting to know if either of these options or something else would be best for my specific scenario. Mainly how to handle the messaging part.
Thanks
I think Option 1 is a pretty standard way of handling this problem.
A DB version # could work, but if it changes frequently you will end up resync all the data very often. Its probably better if you just store "Last Modified Date" on records and only pull down things that have changed since the last sync. That way you can return a smaller set of new records.
You would only want to pull down public information (the groups) and the information specific to the user. The remote DB would have everything, but the local DB would only consist of data that is related to the user.
I found this tutorial that walks through how this might be implemented using php on the remote server for API access. You could streamline this process by using an ORM or "Out of the Box" API solution.
I'm sure there are more elegant solutions out there for syncing a local Android DB with a remote but this is likely the most practical approach for the non-enterprise solutions.
i am writing an application in java and i want to enable it to access a mysql remote server.
my problem is that if the application have the user name and password someone can take them and use my db with a different software.
is there a way of preventing it ?
UPDATE
i found this workaround for connecting to a remote MySQL database from an android device.
you put a service in the middle. like a php page that code the data in JSON format which the android app gets via http.
here is the example i found :
Connecting to MySQL database
Having the username and password is designed specifically to grant access to the database. That's the whole point.
You could go to some extra lengths like restricting database connectivity to specific hosts, so at least your paying customers get access to the database and no else can access it, but your customers might choose to use different software to access the database. There's no way around it except licensing terms.
What you could do is run an intermediary program on your own hardware that connects to the database and restrict access to the database to software that is under your direct administrative control. Your program would validate all requests from software under control of your customers and allow the queries that you want to allow and refuse (and log) the queries you do not have to allow. (You do not need to send raw SQL data back and forth -- you can do any amount of processing on the data and queries.)
You can setup JDBC Data Source on your application server. Here you can see example for Oracle Glassfish.
So, your credential won't be used in your code/resources.
If you are saying that you have an application trying to access a MySQL remotely (not in the same box), then i think you need not worry, as the connection that will be established by your application codes will not expose the username and password when it is trying to authenticate and authorize itself to the MySQL server.
You can limit the access to the MySQL-server so that only certain IP-addresses or IP-ranges have access to it.
As a side note, make sure that the user you use in your application only has the needed permissions to the database. For example, the user might not need to be able to create or delete tables. You can even specify permissions for the user on table and column level.