FW: Mysql over HTTP

on 07.04.2006 21:35:04 by Jangita

Yes, you understood. I've done a couple of N tier apps before; but I just
thought mysql would make it easier? Well it seems not :) I'll just filter
send transactions (or methods) that run statements on the server and returns
results so that client applications are "dumb" terminals - just thought the
stored procedures would do that :)

Thanks for the info

-----Original Message-----
From: Jonathan G. Lampe [mailto:jonathan.lampe@standardnetworks.com]
Sent: 07 April 2006 10:22 p
To: Jangita; win32@lists.mysql.com
Subject: Re: Mysql over HTTP

Jangita,

First of all, just exposing a MySQL database to the wide, wholly world
of the Internet is probably not a good idea. If you had to, I'd at least
flip SSL on so data isn't trivially easy to snoop on and make sure that
authentication credentials scanners really do get locked out.

Second, if you did implement a web-based "just execute this query and
maybe return the results" application, it should only take a few minutes to
write. Millions of programmers have gone before you here. (Thousands of
applications inadvertently still have these kinds of calls in them; look up
"sql injection" with your favorite search engine for more details.)

Third, if you're looking for a "human-friendly" web interface into a
MySQL database, there are also upwards of a dozen of these around; for
example, PHPMyAdmin. (Unless they are on an internal development server,
these still give me the heebie-jeebies.)

I'd suggest picking up a book or two that talks about "N-tier"
architectures and distributed application design. It sounds like you have
a handle on a desktop client and the data you want stored in the MySQL
database; however it sounds like you're struggling with a good way to get
from your clients into the database. Long story short, I don't think I'd
trust my distributed clients to just issue SQL queries; it's just too easy
to hack these into doing something unexpected. Instead, I'd keep my SQL
queries on the server and just pass "transaction" requests and data
responses between the clients and server, even then taking care to filter
my data. In addition, you can expect that you'll run into concurrency
issues if you have a significant number of clients, so there may be
"timeout" handling and perhaps "queueing" issues in your future; your
application architecture will have a lot to do with how you handle these.

I hope this helps!

Regards,
- Jonathan Lampe

At 01:57 PM 4/7/2006, Jangita wrote:
>Hi all,
>
>It's all well and good having mysql using port 3309 (or any other port for
>that matter); I'm writing an application that will be used by loads of users
>off the internet - so I'm expecting firewall issues.
>
>One easy way is to have the mysql traffic flow over port 80; that works
>sometimes but not with intelligent firewalls that only allow http traffic or
>companies that have only http ports open (yes there are many of these)
>
>One method I've thought about that goes around this is to write an interface
>that sits in-front of the mysql client and translates the mysql traffic into
>http get or put requests and use wininet.dll to send these requests to the
>server. Since these are get and put requests I'll have to write and install
>a cgi or isapi dll on the webserver which translates these requests into
>normal traffic and relays it to the mysql server and vice versa.
>
>This would in effect produce an environment where as long as you can browse
>you can use the mysql client application (with iexplore because of wininet)
>- and with linux to some extent and this will also be able to go thru http
>proxies etc (basically anything that ie can go thru)
>
>Before I get my hands dirty; is there anything like this that exists out
>there? I have a week leave from Monday and if there isn't well I'm about to
>start writing one.
>
>Jangita
>
>
>--
>MySQL Windows Mailing List
>For list archives: http://lists.mysql.com/win32
>To unsubscribe: http://lists.mysql.com/win32?unsub=jonathan@stdnet.com

- Jonathan Lampe
- jonathan.lampe@standardnetworks.com
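
The advice above to keep the SQL on the server and pass only "transaction" requests and data, sketched as an added example that is not part of the original thread. The transaction names, the `orders` table and the validators are hypothetical, and Python's `sqlite3` stands in for the MySQL server so the block runs offline.

```python
import json
import re
import sqlite3

# Constructed schema and data; sqlite3 stands in for the MySQL server.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total REAL)")
    db.executemany("INSERT INTO orders (customer, total) VALUES (?, ?)",
                   [("acme", 120.0), ("acme", 30.5), ("globex", 75.0)])
    return db

def is_name(v):
    return isinstance(v, str) and re.fullmatch(r"[a-z0-9_]{1,32}", v) is not None

def is_amount(v):
    return isinstance(v, (int, float)) and not isinstance(v, bool) and 0 < v <= 100000

# The only statements the server will ever run. Clients pick one by name and
# supply values; they never send SQL text. All names here are hypothetical.
TRANSACTIONS = {
    "orders_for_customer": (
        "SELECT id, total FROM orders WHERE customer = :customer ORDER BY id",
        {"customer": is_name}),
    "add_order": (
        "INSERT INTO orders (customer, total) VALUES (:customer, :total)",
        {"customer": is_name, "total": is_amount}),
}

def handle_request(db, body):
    """Run one named transaction from a JSON request body; return a result dict."""
    try:
        req = json.loads(body)
        name, args = req["txn"], req["args"]
        sql, validators = TRANSACTIONS[name]
    except (ValueError, KeyError, TypeError):
        return {"ok": False, "error": "unknown or malformed request"}
    # Exactly the declared parameters, each passing its validator.
    if not isinstance(args, dict) or set(args) != set(validators):
        return {"ok": False, "error": "bad parameters"}
    if not all(check(args[k]) for k, check in validators.items()):
        return {"ok": False, "error": "bad parameters"}
    with db:  # commit on success, roll back on error
        cur = db.execute(sql, args)  # values are bound, never concatenated
        return {"ok": True, "rows": cur.fetchall()}
```

In a deployment this handler would sit behind the web server's HTTPS endpoint, so the clients only ever speak HTTP and the database port is never exposed.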
