How improve security to online database MYSQL

  • How improve security to online database MYSQL

    Hi,
    in a recent post, Imagine Programming answered this to the question "Is it possible to create an online database?":

    ... it is possible, granted it would probably not be secure.
    Interaction with online data should happen through an API to which the user can authenticate,
    I would not directly connect to any online database (except of course when that database supports per-user authentication).



    I am currently using AMS to communicate with an online database: the application retrieves, inserts, updates and deletes information in MySQL.
    All operations are performed using the "MySQL" plugin; the database is hosted on a VPS server through a paid provider.

    Everything works great; however, as Imagine Programming mentioned, I believe the information in the database is not secure.


    This is the code for connection:


    Code:
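    -- Direct connection from the client: host, credentials and port are embedded in the application.
    local MySQLConnection = MySQL.Connect("000.000.000.00", "DataBaseName", "Password", "TableName", "PortNumber");

    -- A non-zero result is treated as a failed connection.
    if (MySQLConnection ~= 0) then
        local error = Application.GetLastError();
        Dialog.Message("Error", error.."\n\n Connection to database not found, application will close");
        Application.Exit(0);
    else
    end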

    What else should I add to make the information in the database more secure?

    Thanks!

    David R.


  • #2

    Hello. Even if you set the hardest passwords for the database, as long as you use direct communication I think the security is very low (because the source code is in RAM). To increase security, you must use a PHP file that is uploaded to your host. Did you ... if you want me to write the connection code via PHP?
    Good luck



    • #3
      Sina Dehghani Sure, please. How is the connection established for PHP?

      David R.



      • #4
        Please send host, username, password, dbname to send the appropriate code to the database to connect ...

        And do you need to add or remove data or just connect to the database?



        • #5
          Use PHP on the server. I have done this many times before: let the host do all the work, so the user login details can still be sent via the app via the web options. There are a few in AMS; I use 3rd party wget myself, but there are many ways to send HTTP to a server in AMS, and all the DB stuff is done back end, never letting the user have full access to the DB. It also means table names and all this are also hidden.

          Any code that is running local will need to be in a format that the computer can read, therefore a human can patch it with enough time. AMS is much easier than most. NEVER store data like table names, passwords and usernames within AMS.

          Create a web connection to your server, use a PHP script to return the database information you want inside your app, return the information to the app and use it in the app. This means, A, if a basic username becomes leaked you just ban the username server side, no damage done. Also, using a username and password system like this means users never leave the details in the app.

          You can also create a session ID per computer hardware ID, and then create a connection for that user on the server, and if you see bad requests from that computer you can then ban that ID fully so that computer will never be able to attack your system again.
          Plugins or Sources MokoX
          BunnyHop Here



          • #6
            Originally posted by kingzooly
            Use PHP on the server. I have done this many times before: let the host do all the work, so the user login details can still be sent via the app via the web options. There are a few in AMS; I use 3rd party wget myself, but there are many ways to send HTTP to a server in AMS, and all the DB stuff is done back end, never letting the user have full access to the DB. It also means table names and all this are also hidden....
            Thanks for the info kingzooly

            PHP is new to me, but if it is the best alternative then I will go with it.

            David R.



            • #7
              Originally posted by kingzooly
              Use PHP on the server. I have done this many times before: let the host do all the work, so the user login details can still be sent via the app via the web options. There are a few in AMS; I use 3rd party wget myself, but there are many ways to send HTTP to a server in AMS, and all the DB stuff is done back end, never letting the user have full access to the DB. It also means table names and all this are also hidden.
              Indeed, that's what I meant in the original posting of the OP. You need to have authorization between your application and a web-API, so that a user can log in to your service. Then the service can handle all the DB interaction. As kingzooly says, PHP is a viable option for this. You can also use ASP.net (C#) for this, Java with Tomcat I believe, JavaScript with NodeJS. There is a plethora of options, however you need to make a server side application to make things secure.

              Bas Groothedde
              Imagine Programming :: Blog

              AMS8 Plugins
              IMXLH Compiler
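
The arrangement the replies describe (the application logs in to a server-side script, and only that script talks to MySQL), shown in PHP as an added example that is not code from any poster in this thread. The tables `app_users` and `items`, their columns, the `APP_DB_*` environment variables and the JSON request shape are assumptions, and the endpoint is assumed to be served over HTTPS.

```php
<?php
// Added example (not from the thread). Assumed names: tables app_users/items,
// APP_DB_* environment variables, JSON body {"username": ..., "password": ...}.
header('Content-Type: application/json');

function fail(int $status, string $message): void
{
    http_response_code($status);
    echo json_encode(['error' => $message]);
    exit;
}
// Never echo driver errors (they can reveal schema details) to the client.
set_exception_handler(fn() => fail(500, 'server error'));

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    fail(405, 'POST only');
}
$in = json_decode((string) file_get_contents('php://input'), true);
$user = is_array($in) && is_string($in['username'] ?? null) ? $in['username'] : '';
$pass = is_array($in) && is_string($in['password'] ?? null) ? $in['password'] : '';
if ($user === '' || $pass === '') {
    fail(400, 'username and password required');
}

// Database credentials exist only on the server, never inside the client app.
$pdo = new PDO(
    'mysql:host=127.0.0.1;dbname=' . getenv('APP_DB_NAME') . ';charset=utf8mb4',
    (string) getenv('APP_DB_USER'),
    (string) getenv('APP_DB_PASS'),
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]
);

// Application-level login: hashes created with password_hash() at sign-up.
$stmt = $pdo->prepare('SELECT id, password_hash, banned FROM app_users WHERE username = ?');
$stmt->execute([$user]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row === false || !password_verify($pass, $row['password_hash'])) {
    fail(401, 'invalid credentials');
}
if ((int) $row['banned'] === 1) {
    fail(403, 'account disabled'); // a leaked account is blocked here, server side
}

// The client receives only the rows it is entitled to, as JSON.
$stmt = $pdo->prepare('SELECT id, title FROM items WHERE owner_id = ? ORDER BY id LIMIT 100');
$stmt->execute([$row['id']]);
echo json_encode(['items' => $stmt->fetchAll(PDO::FETCH_ASSOC)]);
```

The MySQL account named in `APP_DB_USER` should hold only the privileges this script needs, so that a flaw in the script does not expose the whole database.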
