I am working in the application where i am using PostgreSQL as database .I want to to provide choice to user either use application internal database or user can connect with his own external database in the application.
If user choose application internal database all the user's related stuff will be get saved in the application's internal database and if user connects with his own database then application have to use users database for this user.
How this can be achieved in rails.
Yes you can do this, though I would steer clear of ORMs like ActiveRecord which mandate their own conventions and provide limited SQL features.
Since it sounds like you want to connect to arbitrary databases you can't use regular models anyway.
The best known data access layer and DB utility knife for ruby, and one which I use in my ruby projects is Sequel.
Sequel provides full capability to express complex queries and works with quite a number of DBs.
Above all read the documentation and determine for yourself if it meets your specific requirements.
Related
I'm having a problem with my re-frame application. I can't figure out how to connect it to a local database on my machine.
In other applications I've written, I've had to add the database specifications (username, password etc) into profiles.clj. Should I create profiles.clj and add the location of my database there? And does this mean I have to update the project.clj as well?
Finally, do the queries to the database, such as GET and POST requests, go in db.cljs.
I apologise if these questions are trivial but after reading the documentation several times I am still a little confused
re-frame is a framework for building client-side web applications. You won't be able to do generic database queries as most databases don't support direct access from a browser.
I'm having a problem with my re-frame application. I can't figure out how to connect it to a local database on my machine.
You probably need to create a middle API tier that accepts REST requests from re-frame, and queries the database, returning JSON back to the client.
Finally, do the queries to the database, such as GET and POST requests, go in db.cljs
Those are probably queries to your API tier? They can live anywhere that you would like.
One thing to clarify: re-frame has an app-db that it uses and refers to. This is a client-side database of local state that lives in your application. It doesn't have a connection to the backend, at least not without you writing more code for it. It sounds like you might be confusing these?
I have to develop a database that will be used for data acquisition, mainly measurements from micrometer which will be compared against a Reference Table inside the db. The platform is OS X. I have been looking at Valentina-DB, SQLite and even MySQL.
My main requirement is: The database will be used by factory workers which may not have a lot of experience in using software. Therefore, the front-end has to be extremely easy to use. This includes installation of the database and the front-end.
What are my options when it comes to custom GUI apps?
Most of databases have no GUI front-end to use "by factory workers for data acquisition" so you need to program it yourself.
One of the approaches would be to use Java Swing GUI and some Java-based database like Apache Derby maybe. You could put everything into runnable jars, talk to database exclusively directly (not network setup, no authentication) and Java is available on OS X form Oracle website. Seems relatively easy to setup and would also run under Windows if at the end desired. This is not the only possible approach but something that is likely to work.
There are many possible alternative approaches.
I'm working on a bunch of cakephp apps that are all services that you have access to when you login to the main website. Each app will be hosted on a separate server, and there will be a separate login server as well.
Doing the research, I found Cakephp supports writing sessions to a database, http://blog.jambura.com/2011/08/24/should-i-use-database-for-storing-sessions-in-cakephp/
And also it supports having multiple database connections,
http://bakery.cakephp.org/articles/mithesh/2008/09/02/talking-to-multiple-databases-from-single-cakephp-application
So I was considering the possibility of storing the sessions on the login server, which the other websites all access, and then they all use their own databases for the rest of their data. It seems like it would be simple to implement, but I have concern that there would be too much reading and writing on the login server's database. Is there a way to optimize for this? Or should I do another approach entirely?
Try check useDbConfig property of model. Think, that it will be simpler if your sessions and users tables will be on the same database, then you will common user database and sessions. So, you will not require to implement SSO.
I am currently developing a business application that will ultimately be hosted at a .Net hosting company. The hosting company provides 1 MSSQL DB (with 2 users) and an unlimited number of MySQL DBs. Purchasing a second MSSQL DB is out of the question as my boss doesn't want to pay any more for the hosting. I am trying to determine the best place to house the ASPNETDB for site authentication and roles.
My first thought was to take advantage of one of the MySQL DBs for this purpose but have noticed that it appears to take some hoop jumping to accomplish this option. Another option may be to keep the ASPNETDB in a Express DB file.
Finally, I have also thought about housing it in the MSSQL DB with the application tables. This option scares me because if I accidentally screw something up in the application, the ASPNETDB tables could be open to SQL injection. Of course, I will do my best to ensure this won't happen anyway, but would like to know I have that extra layer of security knowing it is housed in its own DB.
The hosting company does allow two MSSQL DB users, so this in theory would allow me to have one user dedicated to authentication and restrict the other user from being able to access the ASPNETDB tables all together.
As a fellow developer, what method would you recommend? Thanks in advance for your help.
Use the MSSQL DB and use the preconfigured ASP.NET Membership provider and Roles provider. This is the easiest method. Restrict Table level access and use only Stored Procedures.
Sounds like you are a bit green to this stuff, am I correct? Because of that dont create too many headaches for your self. Dont try to put it in mysql, thats a mistake. I know its free, but it was written to work with MSSQL. Yes, using the other user is a good idea. Just be sure to sanitize your inputs and use properties on your SQL statements or better yet use an ORM like entity framework or Linq to SQL at the least.
I just realized that there is no best way to hide MySQL string connection password in my executable file, especially in JAR file. Even encrypting it in EXE would only slow down the process (although I'm not sure how much time would it take to get an encrypted password from an EXE file).
So, from my understanding, I need something in the middle that would do the add, edit, delete etc to the database. Seems like a job for REST API or maybe SOAP services.
My question is, which one should I use? Or should I use something else? I was thinking Zend Framework to create those REST APIs. Then, I would use Qt to create a desktop application to call those APIs. But if I proceed with REST, my application would be a 3 tier application. Wouldn't it be better if I just create a web application? Maybe I should just stick to desktop application call those APIs since the application is already finished and I just need to change from connecting directly to MySQL to calling those APIs to perform tasks rather than changing the whole application to a web.
Any advice would be very helpful. Thanks in advance.
UPDATE:
I'm looking for a security that would protect my MySQL password connection.
Obfuscator would only obfuscate the code, it won't hide my string database information which In my opinion can be easily found using grep after decompiling the JAR using tools like JAD.
About my application:
Using a centralized MySQL database
Thousands of user
Contains sensitive information
My client uses Linux and Windows
My server uses Linux
All access are done in LAN, no outside connection (from Internet etc)
My current solutions (comments please):
Using REST APIs (safer since MySQL password is in the server)
Using Qt with encryption to the password
It depends on what kind of security are you looking for. Is this to protect the application from the user? To protect the user's data from other users? To protect multiple users' data from one another? To protect the user's data from an attacker?
In a lot of applications there's nothing wrong with storing the database login credentials in plain text. In other cases, you might try:
encrypting a user-chosen database password using a reasonably strong algorithm, e.g. Blowfish, using a hard-coded key;
having the user provide the password and "log in" to the program each time;
storing the database password in plain-text, but encrypt the data using a hard-coded key;
same as the above, but encrypt each user's data using their own provided password;
same as 2 but store each user's data in their own database with their login info as the database credentials;
storing the data on a secure remote database that users have to log into to access via a SOAP API;
using the native filesystem permissions to protect the configuration file holding the login credentials;
same as #1 but rolling your own really elaborate key-generation system: e.g. run the machine SID or a hardware id through MD5 using a randomly-generated salt, and then using the result to encrypt the login credentials.
Remember, there's no such thing as perfect security, so whatever you settle on doesn't need to be unbreakable. It just needs to be tough enough to break to make the hassle of circumventing the security mechanism exceed the value of the data. So, for example, if the data is a list of the top scores in Minesweeper, then ROT13 would probably be enough.
Edit:
I just want to add that, even if you can't get around having to hard-code an encryption key in your application, there are obfuscators for Java, .NET, and most other popular languages/frameworks. One of the key uses of these tools is to hide sensitive hard-coded strings like encryption keys.
Edit 2:
Given the additional details about the app in question, only 1, 6 and 8 would apply in this case. And a SOAP API is more appropriate for #6 as George rightly pointed out.
I also want to mention that there are Java resource obfuscators that encrypt string literals. This is just one example.
It pretty much depends in what environment your app runs
a) db and client local
b) db and client in a local network
c) db is in the internet
my two cents:
a) I would create a single db user and wouldn't use a password but restrict acces to localhost
b) direct connect to the database is fine but I would each user have to login with his own password and grant only the permissions he needs.
c) It's a bad idea to allow mysql connections to a public server. In this case webservices would be a good solution.
Anyway if your case is b or c I would stick with a login dialog for the user.
Maybe you should have a look at this http://www.greensql.net/ tool.
It is like a firewall but for mysql/postresql
So you can deny anything and only allow queries you want to.
If you are using Java for implementing your database desktop application, I would recommend to use Java DB as the database. There is a few ways of securing it, and there are alternatives to having a password in the connection string. I would recommend to read Java DB Security - Security Features in Java DB Release 10.4
It is easy to deploy your application with Java DB, since you can have much of it embedded in the same jar file. I have used it in a Point of Sale application implemented in Java.