What’s The Xojo Best Practices Method For Communication With a Cloud DB?

I am experimenting with a local Xojo desktop application that uses a SQLite db, that, when changed, sends the same update information to a Cloud-based MySQL db using JSON. I am currently having success by using HTTPSocket (when live will use HTTPSecureSocket), writing my code in a Xojo WE app using HandleSpecialURL.

My question is this: Is that the best way to go? What’s the safest and fastest?

Should I consider other methods? TCP? EasyTCP? UTP? Etc., etc…

?Síochán!
Gary

Why don’t you use SQL?

Regards

Trixi

I don’t want to connect to the db directly from the desktop. I want to protect the cloud db so that the only connections can come from one place to add that layer of security.

Usually what you want to do then is have some app on the server that handles the communication. We have created a Web Edition app that mostly does nothing but handle communication requests from desktop apps. The communication is handled via the web app Special URL and is encapsulated in either JSON or XML.

The Desktop App bundles the request and sends it to the appropriate URL via a http GET/POST command. The Web App receives the request, parses it, gets the data/performs the function, packages up the response and sends it to the desktop app. Both sides need to know how to communicate. Otherwise it’s not THAT hard.

The actual protocol doesn’t matter so much- making your own web service is a fine way to go. But always have an in between layer- never have the database itself exposed directly (as mentioned). Always make sure you have some kind of account/authentication on that public in between layer you’re using. Bad things can happen otherwise!

[quote=14432:@Travis Hill]The actual protocol doesn’t matter so much- making your own web service is a fine way to go. But always have an in between layer- never have the database itself exposed directly (as mentioned). Always make sure you have some kind of account/authentication on that public in between layer you’re using. Bad things can happen otherwise!

[/quote]

All too often people write a client and add in security there, user A can/can’t do this and they feel doing it in the middle-tier is duplicate work and it doesn’t get done… Whoa! Security needs to be in both places, in the client so the user can’t press the delete button (or maybe it doesn’t even present the delete button) and in the business layer so a delete request will not be processed if it ever gets through.

Exposing a DB knowing how to secure it does not offer much risk. There are dozens of features to work on these (depending on your DB and Firewall). Basically you can change the base listening port for a non default port, encrypt the communication, and for extra security set your system to accept just certain IPs. Hackers can’t even connect to the open port this way.

Thanks, Guys. That’s pretty much the way I’m setting it up. Only one IP can directly access the server.

Thanks for the tips. At least I’m not using the path never taken!

Gentlemen - A late injection into the “CloudDB” conversation, however, I thought one of our designs may be useful to someone in the Xojo development community.

We are currently using Xojo as an RDFE “front-end” to all of our “backend cloud” infrastructure, which coincidentally includes huge MySQL cluster(s) and application (data-processing gateways/servers). In short, Xojo interfaces with our middle-ware using custom Xojo classes developed around our framework’s data-style with JSON GET/POST actions over https and ssh “in-between the front end and the middle-ware”.

While the Xojo side may sound complicated, its actually rather simple (see below) and while we are bias, we also think its pretty little slick at that!

Below is a redacted overview which demonstrates the design concept (and visualizes the “CloudBD” access component from a Xojo Interface mentioned above). In a production environment, at least for what we are doing with it, it scales very well and across multiple data centers with ease and speed:

Best of all - If we need to make a GUI or data-flow design change (on the Xojo side), our development team can implement the change and usually start testing in the lab within a matter of minutes.

Hope this helps to inspire someone else in the Xojo community!

Kraig Beahn
L2Networks Corp.