Mysql over HTTP

Hi all,

It's all well and good having mysql using port 3309 (or any other port for
that matter); I'm writing an application that will be used by loads of users
off the internet - so I'm expecting firewall issues.

One easy way is to have the mysql traffic flow over port 80; that works
sometimes but not with intelligent firewalls that only allow http traffic or
companies that have only http ports open (yes there are many of these)

One method I've thought about that goes around this is to write an interface
that sits in-front of the mysql client and translates the mysql traffic into
http get or put requests and use wininet.dll to send these requests to the
server. Since these are get and put requests I'll have to write and install
a cgi or isapi dll on the webserver which translates these requests into
normal traffic and relays it to the mysql server and vice versa.

This would in effect produce an environment where as long as you can browse
you can use the mysql client application (with iexplore because of wininet)
- and with linux to some extent and this will also be able to go thru http
proxies etc (basically anything that ie can go thru)

Before I get my hands dirty; is there anything like this that exists out
there? I have a week leave from Monday and if there isn't well im about to
start writing one.

Jangita


--
MySQL Windows Mailing List
For list archives: http://lists.mysql.com/win32
To unsubscribe: http://lists.mysql.com/win32?unsub=gcdmw-win32@m.gmane.org

Re: Mysql over HTTP

Apache + PHP/mysql(i) ? I guess?

Jangita wrote:
> Hi all,
>
> It's all well and good having mysql using port 3309 (or any other port for
> that matter); I'm writing an application that will be used by loads of users
> off the internet - so I'm expecting firewall issues.
>
> One easy way is to have the mysql traffic flow over port 80; that works
> sometimes but not with intelligent firewalls that only allow http traffic or
> companies that have only http ports open (yes there are many of these)
>
> One method I've thought about that goes around this is to write an interface
> that sits in-front of the mysql client and translates the mysql traffic into
> http get or put requests and use wininet.dll to send these requests to the
> server. Since these are get and put requests I'll have to write and install
> a cgi or isapi dll on the webserver which translates these requests into
> normal traffic and relays it to the mysql server and vice versa.
>
> This would in effect produce an environment where as long as you can browse
> you can use the mysql client application (with iexplore because of wininet)
> - and with linux to some extent and this will also be able to go thru http
> proxies etc (basically anything that ie can go thru)
>
> Before I get my hands dirty; is there anything like this that exists out
> there? I have a week leave from Monday and if there isn't well im about to
> start writing one.
>
> Jangita
>
>
>


--
MySQL Windows Mailing List
For list archives: http://lists.mysql.com/win32
To unsubscribe: http://lists.mysql.com/win32?unsub=gcdmw-win32@m.gmane.org

Re: Mysql over HTTP

On 4/7/06, Jangita wrote:
> Hi all,
>
> It's all well and good having mysql using port 3309 (or any other port fo=
r
> that matter); I'm writing an application that will be used by loads of us=
ers
> off the internet - so I'm expecting firewall issues.
>
> One easy way is to have the mysql traffic flow over port 80; that works
> sometimes but not with intelligent firewalls that only allow http traffic=
or
> companies that have only http ports open (yes there are many of these)
>
> One method I've thought about that goes around this is to write an interf=
ace
> that sits in-front of the mysql client and translates the mysql traffic i=
nto
> http get or put requests and use wininet.dll to send these requests to th=
e
> server. Since these are get and put requests I'll have to write and insta=
ll
> a cgi or isapi dll on the webserver which translates these requests into
> normal traffic and relays it to the mysql server and vice versa.
>
> This would in effect produce an environment where as long as you can brow=
se
> you can use the mysql client application (with iexplore because of winine=
t)
> - and with linux to some extent and this will also be able to go thru htt=
p
> proxies etc (basically anything that ie can go thru)
>
> Before I get my hands dirty; is there anything like this that exists out
> there? I have a week leave from Monday and if there isn't well im about t=
o
> start writing one.
>

Is there any specific reason for you not to write your application
using a web language like PHP, Perl, ASP, .NET or anything like that?
You mentioned some weird convertions regarding TCP packages headers
and filtering, while searching for a solution to let an app access
MySQL trough firewalls and/or proxies, why not simply write a CGI or
server-side based app?

You'll have LOTS of problems while dealing with TCP/IP packaging and
headers and converting it all to HTTP traffic, besides, you'll
probably load your server a LOT while still having to write a
client-side AND a server-side conversion tool for traffic. Besides, it
won't be fail proof as you can still step in some routers that may
block your converted packages.

If you want to use a browser-like app, why not let the browser do its work?

--
Daniel da Veiga
Computer Operator - RS - Brazil
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCM/IT/P/O d-? s:- a? C++$ UBLA++ P+ L++ E--- W+++$ N o+ K- w O M- V-
PS PE Y PGP- t+ 5 X+++ R+* tv b+ DI+++ D+ G+ e h+ r+ y++
------END GEEK CODE BLOCK------

--
MySQL Windows Mailing List
For list archives: http://lists.mysql.com/win32
To unsubscribe: http://lists.mysql.com/win32?unsub=3Dgcdmw-win32@m.gmane.org

Re: Mysql over HTTP

What is it exactly that you want to do? I have NEVER had to (or even
WANTED to open my DB Servers to the public). It is DANGEROUS, and NOT
recommended.

*Brandon Schenz*
Midwest Sports Supply
IT Manager
Phone: 513-956-4900
Fax: 513-956-4910
E-mail: brandons@midwestsports.com


Daniel da Veiga wrote:
> On 4/7/06, Jangita wrote:
>
>> Hi all,
>>
>> It's all well and good having mysql using port 3309 (or any other port for
>> that matter); I'm writing an application that will be used by loads of users
>> off the internet - so I'm expecting firewall issues.
>>
>> One easy way is to have the mysql traffic flow over port 80; that works
>> sometimes but not with intelligent firewalls that only allow http traffic or
>> companies that have only http ports open (yes there are many of these)
>>
>> One method I've thought about that goes around this is to write an interface
>> that sits in-front of the mysql client and translates the mysql traffic into
>> http get or put requests and use wininet.dll to send these requests to the
>> server. Since these are get and put requests I'll have to write and install
>> a cgi or isapi dll on the webserver which translates these requests into
>> normal traffic and relays it to the mysql server and vice versa.
>>
>> This would in effect produce an environment where as long as you can browse
>> you can use the mysql client application (with iexplore because of wininet)
>> - and with linux to some extent and this will also be able to go thru http
>> proxies etc (basically anything that ie can go thru)
>>
>> Before I get my hands dirty; is there anything like this that exists out
>> there? I have a week leave from Monday and if there isn't well im about to
>> start writing one.
>>
>>
>
> Is there any specific reason for you not to write your application
> using a web language like PHP, Perl, ASP, .NET or anything like that?
> You mentioned some weird convertions regarding TCP packages headers
> and filtering, while searching for a solution to let an app access
> MySQL trough firewalls and/or proxies, why not simply write a CGI or
> server-side based app?
>
> You'll have LOTS of problems while dealing with TCP/IP packaging and
> headers and converting it all to HTTP traffic, besides, you'll
> probably load your server a LOT while still having to write a
> client-side AND a server-side conversion tool for traffic. Besides, it
> won't be fail proof as you can still step in some routers that may
> block your converted packages.
>
> If you want to use a browser-like app, why not let the browser do its work?
>
> --
> Daniel da Veiga
> Computer Operator - RS - Brazil
> -----BEGIN GEEK CODE BLOCK-----
> Version: 3.1
> GCM/IT/P/O d-? s:- a? C++$ UBLA++ P+ L++ E--- W+++$ N o+ K- w O M- V-
> PS PE Y PGP- t+ 5 X+++ R+* tv b+ DI+++ D+ G+ e h+ r+ y++
> ------END GEEK CODE BLOCK------
>
>

--
MySQL Windows Mailing List
For list archives: http://lists.mysql.com/win32
To unsubscribe: http://lists.mysql.com/win32?unsub=gcdmw-win32@m.gmane.org

Re: Mysql over HTTP

Jangita,

First of all, just exposing a MySQL database to the wide, wholly world
of the Internet is probably not a good idea. If you had too, I'd at least
flip SSL on so data isn't trivially easy to snoop on and make sure that
authentication credentials scanners really do get locked out.

Second, if you did implement a web-based "just execute this query and
maybe return the results" application, it should only take a few minutes to
write. Millions of programmers have gone before you here. (Thousands of
applications inadvertenly still have these kind of calls in them; look up
"sql injection" with your favorite search engine for more details.)

Third, if you're looking for a "human-friendly" web interface into a
MySQL database, there are also upwards of a dozen of these around; for
example, PHPMyAdmin. (Unless they are on an internal development server,
these still give me the heeby-jeebies.)

I'd suggest picking up a book or two that talks about "N-tier"
architectures and distributed application design. It sounds like you have
a handle on a desktop client and the data you want stored in the MySQL
database; however it sounds like you're struggling with a good way to get
from your clients into the database. Long story short, I don't think I'd
trust my distributed clients to just issue SQL queries; it's just too easy
to hack these into doing something unexpected. Instead, I'd keep my SQL
queries on the server and just pass "transaction" requests and data
responses between the clients and server, even then taking care to filter
my data. In addition, you can expect that you'll run into concurrency
issues if you have a significant number of clients, so there may be
"timeout" handling and perhaps "queueing" issues in your future; your
application architecture will have a lot to do with how you handle these.

I hope this helps!

Regards,
- Jonathan Lampe

At 01:57 PM 4/7/2006, Jangita wrote:
>Hi all,
>
>It's all well and good having mysql using port 3309 (or any other port for
>that matter); I'm writing an application that will be used by loads of users
>off the internet - so I'm expecting firewall issues.
>
>One easy way is to have the mysql traffic flow over port 80; that works
>sometimes but not with intelligent firewalls that only allow http traffic or
>companies that have only http ports open (yes there are many of these)
>
>One method I've thought about that goes around this is to write an interface
>that sits in-front of the mysql client and translates the mysql traffic into
>http get or put requests and use wininet.dll to send these requests to the
>server. Since these are get and put requests I'll have to write and install
>a cgi or isapi dll on the webserver which translates these requests into
>normal traffic and relays it to the mysql server and vice versa.
>
>This would in effect produce an environment where as long as you can browse
>you can use the mysql client application (with iexplore because of wininet)
>- and with linux to some extent and this will also be able to go thru http
>proxies etc (basically anything that ie can go thru)
>
>Before I get my hands dirty; is there anything like this that exists out
>there? I have a week leave from Monday and if there isn't well im about to
>start writing one.
>
>Jangita
>
>
>--
>MySQL Windows Mailing List
>For list archives: http://lists.mysql.com/win32
>To unsubscribe: http://lists.mysql.com/win32?unsub=jonathan@stdnet.com

- Jonathan Lampe
- jonathan.lampe@standardnetworks.com

******************* PLEASE NOTE *******************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.
If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.


--
MySQL Windows Mailing List
For list archives: http://lists.mysql.com/win32
To unsubscribe: http://lists.mysql.com/win32?unsub=gcdmw-win32@m.gmane.org

Re: Mysql over HTTP

On 4/7/06, Jangita wrote:
> True, I could write a browser app with apache/mysql/php - but there are s=
ome
> things that just can't be done with a browser, for example back to my cha=
t
> example; having a web based yahoo chat is fun and will work; but those
> notifications at the bottom of the screen the sounds etc. Or another exam=
ple
> like a news popup program that sits on the system tray. You probably agre=
e
> that there is stuff that an application is better (and more secure as
> doing).Frankly I'm not that good in http and php - can whip up a Delphi a=
pp
> in seconds tho :) )
>
> I'm thinking packing it well enough (the way you can download a regular f=
ile
> from a website) should hide the traffic well enough;
>
> As for the client and server conversion apps I could probably sell then :=
)

Yes you could, it would be better than most HTTP tunelling software in
the market, in fact, you'll drive most admins crazy with that, as your
app could possibly produce a risky environment on any company that
allow Internet surfing, you could install the server at home and
virtually use any app using the client and connecting with your home
computer... Sounds like a dream for users and a nightmare for
admins...

Stuff like ActiveX can be used to download and run mini-apps to
provide what you want (popups, notifiers, icons and sounds), and you
could still use a mini-client with HTTP communication to make this
happen while using the server-side to deal with REAL database stuff
(the important work). In fact, you don't need to convert anything, you
could just write an app that make queries, send it to a PHP page that
would process and return stuff and parse a HTML, XML, CSV, whatever,
return from the PHP simple page.

Delphi can be used to share a session opened (and even authenticated)
from the web using the browser, I remember an app that would do that,
just don't know if its written in Delphi, but it sure could be,
Audiogalaxy, check it out: http://www.audiogalaxy.com/

There are millions of options for Delphi way better than what you
initially wanted to do, althought you could get a LOT of profit from
writting something like that and selling it... It can be more
complicated than it sound.

--
Daniel da Veiga
Computer Operator - RS - Brazil
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCM/IT/P/O d-? s:- a? C++$ UBLA++ P+ L++ E--- W+++$ N o+ K- w O M- V-
PS PE Y PGP- t+ 5 X+++ R+* tv b+ DI+++ D+ G+ e h+ r+ y++
------END GEEK CODE BLOCK------

--
MySQL Windows Mailing List
For list archives: http://lists.mysql.com/win32
To unsubscribe: http://lists.mysql.com/win32?unsub=3Dgcdmw-win32@m.gmane.org

RE: Mysql over HTTP

Hi Daniel

"and you could still use a mini-client with HTTP communication to make this
happen while using the server-side to deal with REAL database stuff (the
important work). In fact, you don't need to convert anything, you could just
write an app that make queries, send it to a PHP page that would process and
return stuff and parse a HTML, XML, CSV, whatever, return from the PHP
simple page" < now THAT is an EXCELLENT idea!!

Could have the client app just call a php page with for example
http://www.myserver.com/myphp.php?proc=procname¶m1=value 1¶m2=value2
Or maybe in the content of the request so that its not seen by all probably
encrypted ie data=fdsjkhsfsdfsidfyr4ryt8wdgh8ifdhw8fiog3 which translates to
the above

Then the page calls the mysql stored procedure splashes the results into the
content in xml or whatever that the client app can load into memory datasets
and process; to keep the php page simple.

GENIOUS

Want to share in the profits? :)

Thanks again.

-----Original Message-----
From: Daniel da Veiga [mailto:danieldaveiga@gmail.com]
Sent: 07 April 2006 10:37 p
To: MySQL Win32 List
Subject: Re: Mysql over HTTP

On 4/7/06, Jangita wrote:
> True, I could write a browser app with apache/mysql/php - but there are
some
> things that just can't be done with a browser, for example back to my chat
> example; having a web based yahoo chat is fun and will work; but those
> notifications at the bottom of the screen the sounds etc. Or another
example
> like a news popup program that sits on the system tray. You probably agree
> that there is stuff that an application is better (and more secure as
> doing).Frankly I'm not that good in http and php - can whip up a Delphi
app
> in seconds tho :) )
>
> I'm thinking packing it well enough (the way you can download a regular
file
> from a website) should hide the traffic well enough;
>
> As for the client and server conversion apps I could probably sell then :)

Yes you could, it would be better than most HTTP tunelling software in
the market, in fact, you'll drive most admins crazy with that, as your
app could possibly produce a risky environment on any company that
allow Internet surfing, you could install the server at home and
virtually use any app using the client and connecting with your home
computer... Sounds like a dream for users and a nightmare for
admins...

Stuff like ActiveX can be used to download and run mini-apps to
provide what you want (popups, notifiers, icons and sounds), and you
could still use a mini-client with HTTP communication to make this
happen while using the server-side to deal with REAL database stuff
(the important work). In fact, you don't need to convert anything, you
could just write an app that make queries, send it to a PHP page that
would process and return stuff and parse a HTML, XML, CSV, whatever,
return from the PHP simple page.

Delphi can be used to share a session opened (and even authenticated)
from the web using the browser, I remember an app that would do that,
just don't know if its written in Delphi, but it sure could be,
Audiogalaxy, check it out: http://www.audiogalaxy.com/

There are millions of options for Delphi way better than what you
initially wanted to do, althought you could get a LOT of profit from
writting something like that and selling it... It can be more
complicated than it sound.

--
Daniel da Veiga
Computer Operator - RS - Brazil
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCM/IT/P/O d-? s:- a? C++$ UBLA++ P+ L++ E--- W+++$ N o+ K- w O M- V-
PS PE Y PGP- t+ 5 X+++ R+* tv b+ DI+++ D+ G+ e h+ r+ y++
------END GEEK CODE BLOCK------

--
MySQL Windows Mailing List
For list archives: http://lists.mysql.com/win32
To unsubscribe: http://lists.mysql.com/win32?unsub=jangita@jangita.com



--
MySQL Windows Mailing List
For list archives: http://lists.mysql.com/win32
To unsubscribe: http://lists.mysql.com/win32?unsub=gcdmw-win32@m.gmane.org

Re: Mysql over HTTP

On 4/7/06, Jangita wrote:
> Hi Daniel
>
> "and you could still use a mini-client with HTTP communication to make th=
is
> happen while using the server-side to deal with REAL database stuff (the
> important work). In fact, you don't need to convert anything, you could j=
ust
> write an app that make queries, send it to a PHP page that would process =
and
> return stuff and parse a HTML, XML, CSV, whatever, return from the PHP
> simple page" < now THAT is an EXCELLENT idea!!
>
> Could have the client app just call a php page with for example
> http://www.myserver.com/myphp.php?proc=3Dprocname¶m1=3Dv alue1¶m2=
=3Dvalue2
> Or maybe in the content of the request so that its not seen by all probab=
ly
> encrypted ie data=3Dfdsjkhsfsdfsidfyr4ryt8wdgh8ifdhw8fiog3 which translat=
es to
> the above
>
> Then the page calls the mysql stored procedure splashes the results into =
the
> content in xml or whatever that the client app can load into memory datas=
ets
> and process; to keep the php page simple.
>
> GENIOUS
>
> Want to share in the profits? :)
>
> Thanks again.
>

The only profit would be you getting it to work and letting me know of
it ;) you know, having an idea is easy, write the code, heh, that's
the real work, like Linus Torvalds said "Talk is cheap, show me the
code". Oh, and anytime you need, lists are for this purpose...

--
Daniel da Veiga
Computer Operator - RS - Brazil
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCM/IT/P/O d-? s:- a? C++$ UBLA++ P+ L++ E--- W+++$ N o+ K- w O M- V-
PS PE Y PGP- t+ 5 X+++ R+* tv b+ DI+++ D+ G+ e h+ r+ y++
------END GEEK CODE BLOCK------

--
MySQL Windows Mailing List
For list archives: http://lists.mysql.com/win32
To unsubscribe: http://lists.mysql.com/win32?unsub=3Dgcdmw-win32@m.gmane.org

RE: Mysql over HTTP

Give me a week!

-----Original Message-----
From: Daniel da Veiga [mailto:danieldaveiga@gmail.com]
Sent: 07 April 2006 10:49 p
To: MySQL Win32 List
Subject: Re: Mysql over HTTP

On 4/7/06, Jangita wrote:
> Hi Daniel
>
> "and you could still use a mini-client with HTTP communication to make
this
> happen while using the server-side to deal with REAL database stuff (the
> important work). In fact, you don't need to convert anything, you could
just
> write an app that make queries, send it to a PHP page that would process
and
> return stuff and parse a HTML, XML, CSV, whatever, return from the PHP
> simple page" < now THAT is an EXCELLENT idea!!
>
> Could have the client app just call a php page with for example
>
http://www.myserver.com/myphp.php?proc=procname¶m1=value 1¶m2=value2
> Or maybe in the content of the request so that its not seen by all
probably
> encrypted ie data=fdsjkhsfsdfsidfyr4ryt8wdgh8ifdhw8fiog3 which translates
to
> the above
>
> Then the page calls the mysql stored procedure splashes the results into
the
> content in xml or whatever that the client app can load into memory
datasets
> and process; to keep the php page simple.
>
> GENIOUS
>
> Want to share in the profits? :)
>
> Thanks again.
>

The only profit would be you getting it to work and letting me know of
it ;) you know, having an idea is easy, write the code, heh, that's
the real work, like Linus Torvalds said "Talk is cheap, show me the
code". Oh, and anytime you need, lists are for this purpose...

--
Daniel da Veiga
Computer Operator - RS - Brazil
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCM/IT/P/O d-? s:- a? C++$ UBLA++ P+ L++ E--- W+++$ N o+ K- w O M- V-
PS PE Y PGP- t+ 5 X+++ R+* tv b+ DI+++ D+ G+ e h+ r+ y++
------END GEEK CODE BLOCK------

--
MySQL Windows Mailing List
For list archives: http://lists.mysql.com/win32
To unsubscribe: http://lists.mysql.com/win32?unsub=jangita@jangita.com



--
MySQL Windows Mailing List
For list archives: http://lists.mysql.com/win32
To unsubscribe: http://lists.mysql.com/win32?unsub=gcdmw-win32@m.gmane.org