Announcement

Collapse
No announcement yet.

How improve security to online database MYSQL

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Imagine Programming
    replied
    Originally posted by kingzooly View Post
    Use php on the server I have one this many times before let the host do all the work, so the user login details can be still sent via the app via the web options there are a few in ams I use 3ed party wget myself but there is many ways to send http to a server in ams, and all the DB stuff is done back end never letting the user have full access to the db, it also means table names and all this are also hidden.
    Indeed, that's what I meant in the original posting of the OP. You need to have authorization between your application and a web-API, so that a user can log in to your service. Then the service can handle all the DB interaction. As kingzooly says, PHP is a viable option for this. You can also use ASP.net (C#) for this, Java with Tomcat I believe, JavaScript with NodeJS. There is a plethora of options, however you need to make a server side application to make things secure.

    Leave a comment:


  • daviz
    replied
    Originally posted by kingzooly View Post
    Use php on the server I have one this many times before let the host do all the work, so the user login details can be still sent via the app via the web options there are a few in ams I use 3ed party wget myself but there is many ways to send http to a server in ams, and all the DB stuff is done back end never letting the user have full access to the db, it also means table names and all this are also hidden....
    Thanks for the info kingzooly

    PHP is new to me, but if it is the best alternative then I will go with it.

    David R.

    Leave a comment:


  • kingzooly
    replied
    Use php on the server I have one this many times before let the host do all the work, so the user login details can be still sent via the app via the web options there are a few in ams I use 3ed party wget myself but there is many ways to send http to a server in ams, and all the DB stuff is done back end never letting the user have full access to the db, it also means table names and all this are also hidden.

    Any code that is running local will need to be in a format that the computer can read, there for a human can patch it with enough time, AMS is much easier the most, NEVER store date like table names, passwords and usersnames within ams.

    Create a web connection to your server, use a php script to return the database information you want inside your app, return information to app and use it in the app, this means A if a basic username becomes leaked you just ban the username server side not damage one, also using a username and password system like this means users never leave the details in the app

    You can also create a session ID per computer hardware ID, and then create a connection for that user on the server and if you see bad requests from that computer you can then ban that ID fully so that computer will never be able to attack your system again.

    Leave a comment:


  • Sina Dehghani
    replied
    Please send host, username, password, dbname to send the appropriate code to the database to connect ...

    And do you need to add or remove data or just connect to the database?

    Leave a comment:


  • daviz
    replied
    Sina Dehghani Sure please how is the connection established for PHP?

    David R.

    Leave a comment:


  • Sina Dehghani
    replied

    ​​​​Hello If you set the hardest passwords for the database as long as you use direct communication, I think the security is very low (because the source code is in RAM) To increase security, you must use a php file that is uploaded to your host. Did you ... if you want me to write the connection code via php?
    Goodluck

    Leave a comment:


  • daviz
    started a topic How improve security to online database MYSQL

    How improve security to online database MYSQL

    Hi,
    in a recent post, Imagine Programming answered this to the question "Is it possible to create an online database?
    ":

    ... it is possible, granted it would probably not be secure.
    Interaction with online data should happen through an API to which the user can authenticate,
    I would not directly connect to any online database (except of course when that database supports per-user authentication).

    https://forums.indigorose.com/forum/...nline-database

    I am currently using AMS to communicate with an online database: the application retrieves, inserts, updates and deletes information in MYSQL.
    All operations are performed using plugin "MySQL", database is hosted in a VPS Server through a paid provider.

    Everything works great, however as Imagine Programming mentioned, I believe the information in database is not secure.


    This is the code for connection:


    Code:
    local MySQLConnection = MySQL.Connect("000.000.000.00", "DataBaseName", "Password", "TableName", "PortNumber");
    
    if (MySQLConnection ~= 0) then
    local error = Application.GetLastError();
    Dialog.Message("Error",error.."\n\n Connection to database not found, application will close");
    Application.Exit(0);
    else
    end

    What else should I add to make the information in database more secure?

    Thanks!

    David R.

Working...
X