| Groups | Blog | Home |
sql server (microsoft) : C# and server connectivity
[quoted text, click to view]
> I do not have permissions to run any application on the server to write some It isn't very clear (to me) what this constraint does/doesn't allow,> interface given your HTML / PHP comments. Personally my first stab would be to run a WCF site on the server in a dedicated server account (with access) and interface through that, using any of a dozen user authentication schemes as appropriate. Any good? Marc
I'm writing a C# app that needs access to a remote SQL database. The issue
is that I don't want users of the app to have directly access to the database because of security reasons. I do not have permissions to run any application on the server to write some interface so I don't know what to do. My initial thought was to write a web page in php and have the C# application access the page and transfer information through the php web interface transparently to the user. (so php will handle the SQL statements and the html web will interface with the C# app.) This doesn't seem the best way to do this and I was wondering if there is a better way or some other approach? Maybe I can use the HTML request object to send information back and forth simulating a web server application interface? (not quite sure how that would work though since I have no experience with it) Thanks, Jon
[quoted text, click to view] "Marc Gravell" <marc.gravell@gmail.com> wrote in message news:1172035340.295114.72240@q2g2000cwa.googlegroups.com... >> I do not have permissions to run any application on the server to write >> some >> interface > It isn't very clear (to me) what this constraint does/doesn't allow, > given your HTML / PHP > comments. Personally my first stab would be to run a WCF site on the > server in a > dedicated server account (with access) and interface through that, > using any of a dozen > user authentication schemes as appropriate. Any good? > Because I don't have any access to run any server applications except those that are already prescribed for the account. My current web hosting service isn't going to allow me to run any old application I want and chances are there not going to allow me to run any application I create because of security issues. Jon
On Feb 21, 10:19 pm, "Jon Slaughter" <Jon_Slaugh...@Hotmail.com>
[quoted text, click to view] wrote: > "Marc Gravell" <marc.grav...@gmail.com> wrote in message > > news:1172035340.295114.72240@q2g2000cwa.googlegroups.com... > > >> I do not have permissions to run any application on the server to write > >> some > >> interface > > It isn't very clear (to me) what this constraint does/doesn't allow, > > given your HTML / PHP > > comments. Personally my first stab would be to run a WCF site on the > > server in a > > dedicated server account (with access) and interface through that, > > using any of a dozen > > user authentication schemes as appropriate. Any good? > > Because I don't have any access to run any server applications except those > that are already prescribed for the account. My current web hosting service > isn't going to allow me to run any old application I want and chances are > there not going to allow me to run any application I create because of > security issues. > > Jon Use ASP.NET and web services. If your web hosting provider doesn't allow ASP.NET, surely they don't allow a SQL database?
[quoted text, click to view]
Jon Slaughter wrote: > No asp and no SQL. It uses php and mysql but I have sqlexpress that I'm > using to test with.
[quoted text, click to view] <mangist@gmail.com> wrote in message news:1172290239.653944.243670@8g2000cwh.googlegroups.com... > On Feb 21, 10:19 pm, "Jon Slaughter" <Jon_Slaugh...@Hotmail.com> > wrote: >> "Marc Gravell" <marc.grav...@gmail.com> wrote in message >> >> news:1172035340.295114.72240@q2g2000cwa.googlegroups.com... >> >> >> I do not have permissions to run any application on the server to >> >> write >> >> some >> >> interface >> > It isn't very clear (to me) what this constraint does/doesn't allow, >> > given your HTML / PHP >> > comments. Personally my first stab would be to run a WCF site on the >> > server in a >> > dedicated server account (with access) and interface through that, >> > using any of a dozen >> > user authentication schemes as appropriate. Any good? >> >> Because I don't have any access to run any server applications except >> those >> that are already prescribed for the account. My current web hosting >> service >> isn't going to allow me to run any old application I want and chances are >> there not going to allow me to run any application I create because of >> security issues. >> >> Jon > > Use ASP.NET and web services. If your web hosting provider doesn't > allow ASP.NET, surely they don't allow a SQL database? > No asp and no SQL. It uses php and mysql but I have sqlexpress that I'm using to test with.
[quoted text, click to view] "Ed Murphy" <emurphy42@socal.rr.com> wrote in message news:45dfcda2$0$28111$4c368faf@roadrunner.com... > Jon Slaughter wrote: > >> No asp and no SQL. It uses php and mysql but I have sqlexpress that I'm >> using to test with. > > Why the heck wouldn't you use MySQL for testing as well? Did I ever say I wouldn't???
[quoted text, click to view]
Jon Slaughter wrote: > "Ed Murphy" <emurphy42@socal.rr.com> wrote in message > news:45dfcda2$0$28111$4c368faf@roadrunner.com... >> Jon Slaughter wrote: >> >>> No asp and no SQL. It uses php and mysql but I have sqlexpress that I'm >>> using to test with. >> Why the heck wouldn't you use MySQL for testing as well? > > Did I ever say I wouldn't??? > > This thread confuses me... Why aren't you simply connecting to your database (whatever it is) through ODBC from your application? This method you're trying seems very odd unless I have missed some critical constraint of your environment.
[quoted text, click to view]
Jon Slaughter wrote: > "Jonathan Roberts" <gremln007@diynics.com> wrote in message > news:BW2Eh.60462$5F3.19331@newsfe14.lga... >> Jon Slaughter wrote: >>> "Ed Murphy" <emurphy42@socal.rr.com> wrote in message >>> news:45dfcda2$0$28111$4c368faf@roadrunner.com... >>>> Jon Slaughter wrote: >>>> >>>>> No asp and no SQL. It uses php and mysql but I have sqlexpress that I'm >>>>> using to test with. >>>> Why the heck wouldn't you use MySQL for testing as well? >>> Did I ever say I wouldn't??? >> This thread confuses me... Why aren't you simply connecting to your >> database (whatever it is) through ODBC from your application? This method >> you're trying seems very odd unless I have missed some critical constraint >> of your environment. >> > > Connecting to the database using any client side scripting is only a > security disaster. I have to keep the users as far away from the database as > possible. If they are connecting to the database directly then they could > potentially hack the server. Adding extra levels is more likely to screw things up than add any useful protection. You should simply restrict access at the database server level. For instance, if a user should be able to update some records in a table but not others, then you don't give them direct access to the table (relying on the client software to behave) - you only give them access to a stored procedure (or whatever equivalent MySQL offers) that rejects any attempt to perform an unauthorized
[quoted text, click to view] "Jonathan Roberts" <gremln007@diynics.com> wrote in message news:BW2Eh.60462$5F3.19331@newsfe14.lga... > Jon Slaughter wrote: >> "Ed Murphy" <emurphy42@socal.rr.com> wrote in message >> news:45dfcda2$0$28111$4c368faf@roadrunner.com... >>> Jon Slaughter wrote: >>> >>>> No asp and no SQL. It uses php and mysql but I have sqlexpress that I'm >>>> using to test with. >>> Why the heck wouldn't you use MySQL for testing as well? >> >> Did I ever say I wouldn't??? > > This thread confuses me... Why aren't you simply connecting to your > database (whatever it is) through ODBC from your application? This method > you're trying seems very odd unless I have missed some critical constraint > of your environment. > Connecting to the database using any client side scripting is only a security disaster. I have to keep the users as far away from the database as possible. If they are connecting to the database directly then they could potentially hack the server.
Don't see what you're looking for? Try a search.
|
March 2003
April 2003
May 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
| home · blog · groups | Questions? Comments? Contact the dn |