Web database help - please!

Hi all,
I am trying to get my head round web-based database apps. Am I right in thinking that there are TWO main approaches that could be used? i.e. Method 1 - deploy a desktop app to my customers which connects to a web hosted MySQL server, and Method 2 - deploy a web app to a hosted Apache server which also hosts the database server.
Are there security issues which are better handled by Method 1 or 2? Are there any “best practice” articles / documents that I should study? I take it that Method 2 would be popular as my customers would require no software other than a web browser.

Sorry if I am being a bit dense - but new to Xojo and new to SQL databases :wink:

Tony

Thanks Dave, those are good pointers. By “WE” do you mean Xojo web app?

I was under the impression that MySQL and Postgres servers came pre-installed with Mac OS X Server edition…

Method 1: very bad for security
Method 2: the usual solution

You can deploy a desktop app that talks to a web app (via https of course) that talks to the database.

Thanks Tim,
That’s what I really wanted to know.

In terms of which database server to use, I currently have a working desktop app that uses MySQL Community Server, but I am interested to know what developers think about other servers - especially in a web hosted environment. I believe that Xojo ships with its own SQLite db which may be sufficient for my project. I anticipate a fairly small user base of 1-200 users, so perhaps 10-20 concurrent logins at most…

Again, any pointers / advice on the above will be much appreciated.

[quote=26412:@Tim Hare]Method 1: very bad for security
Method 2: the usual solution

You can deploy a desktop app that talks to a web app (via https of course) that talks to the database.[/quote]

Tim,

Does this pose an issue even if using prepared statements? Besides an SQL injection attack, what other exploits are there in using a desktop app and remote database? How does having the web app help in the case of using it in between the desktop and database on the server?

I need to learn more about this - is there a good primer on this? Thanks.

The problem is exposing your database to the world. If the app and database are on the same server (or on separate servers that are both inside the firewall), you can shut off access to your database from the outside. Only servers inside the firewall can access it. So you want to funnel all access through an intermediary - a web page or web service API - so you don’t have to open the db up to every hacker on the web.
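
Added example, not part of the original thread and not Xojo code: a minimal Python sketch of the intermediary described in the post above, showing what the desktop client is and is not able to do when it reaches the database only through a web service. The token values, table layout and function names are hypothetical, and an in-memory SQLite database stands in for a MySQL server that accepts connections only from the web tier.

```python
import hmac
import sqlite3

# Constructed sample data; sqlite3 in memory stands in for a MySQL server
# that only accepts connections from the web tier (e.g. localhost).
db = sqlite3.connect(":memory:")
db.executescript("""
    CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, item TEXT);
    INSERT INTO orders (customer, item) VALUES
        ('alice', 'widget'), ('alice', 'gasket'), ('bob', 'sprocket');
""")

# Hypothetical per-customer API tokens. The desktop app holds one of these,
# never the database host, user name or password.
TOKENS = {"alice": "tok-alice-constructed", "bob": "tok-bob-constructed"}

def authenticate(token):
    """Return the customer name for a valid token, else None."""
    for customer, expected in TOKENS.items():
        if hmac.compare_digest(token.encode(), expected.encode()):
            return customer
    return None

def list_orders(customer, params):
    rows = db.execute("SELECT item FROM orders WHERE customer = ? ORDER BY id",
                      (customer,))
    return [r[0] for r in rows]

def add_order(customer, params):
    item = params.get("item", "")
    if not (isinstance(item, str) and 0 < len(item) <= 40):
        raise ValueError("invalid item")
    db.execute("INSERT INTO orders (customer, item) VALUES (?, ?)",
               (customer, item))
    return "ok"

# The whole surface exposed to the internet: two named operations, no SQL.
ACTIONS = {"list_orders": list_orders, "add_order": add_order}

def handle_request(token, action, params=None):
    """Core of the intermediary: authenticate, allow-list, then query."""
    customer = authenticate(token or "")
    if customer is None:
        return 401, "unauthorized"
    if action not in ACTIONS:
        return 400, "unknown action"
    try:
        return 200, ACTIONS[action](customer, params or {})
    except ValueError as exc:
        return 400, str(exc)
```

In a deployment, `handle_request` would sit behind an HTTPS endpoint, and the customer name used in every query comes from the authenticated token rather than from anything the client sends.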