Single Sign On with Cakephp - mysql

I'm working on a bunch of cakephp apps that are all services that you have access to when you login to the main website. Each app will be hosted on a separate server, and there will be a separate login server as well.
Doing the research, I found Cakephp supports writing sessions to a database, http://blog.jambura.com/2011/08/24/should-i-use-database-for-storing-sessions-in-cakephp/
And also it supports having multiple database connections,
http://bakery.cakephp.org/articles/mithesh/2008/09/02/talking-to-multiple-databases-from-single-cakephp-application
So I was considering the possibility of storing the sessions on the login server, which the other websites all access, and then they all use their own databases for the rest of their data. It seems like it would be simple to implement, but I have concern that there would be too much reading and writing on the login server's database. Is there a way to optimize for this? Or should I do another approach entirely?

Try check useDbConfig property of model. Think, that it will be simpler if your sessions and users tables will be on the same database, then you will common user database and sessions. So, you will not require to implement SSO.

Related

Connecting re-frame app to a Database

I'm having a problem with my re-frame application. I can't figure out how to connect it to a local database on my machine.
In other applications I've written, I've had to add the database specifications (username, password etc) into profiles.clj. Should I create profiles.clj and add the location of my database there? And does this mean I have to update the project.clj as well?
Finally, do the queries to the database, such as GET and POST requests, go in db.cljs.
I apologise if these questions are trivial but after reading the documentation several times I am still a little confused
re-frame is a framework for building client-side web applications. You won't be able to do generic database queries as most databases don't support direct access from a browser.
I'm having a problem with my re-frame application. I can't figure out how to connect it to a local database on my machine.
You probably need to create a middle API tier that accepts REST requests from re-frame, and queries the database, returning JSON back to the client.
Finally, do the queries to the database, such as GET and POST requests, go in db.cljs
Those are probably queries to your API tier? They can live anywhere that you would like.
One thing to clarify: re-frame has an app-db that it uses and refers to. This is a client-side database of local state that lives in your application. It doesn't have a connection to the backend, at least not without you writing more code for it. It sounds like you might be confusing these?

How do I add a way for members to join/Log in and have profiles to my website if my SQL server doesn't have the option for more than the one database

I was looking into how to add a create user account/login to my website, so I could have members join and come back, etc and ended up finding out in order to do that, I'd need to create a new database in my SQL, to store the users credentials, I dont have the option to create any new databases by my webhost. Only the one database is what I can use. Could I just add this to my existing database? Do I really need more than 1 database on SQL for my website? If so, could I add another SQL server direct on my computer and use both, Mine and the web host one where I'm creating the site to manage my website? Im sorry for the few questions, Im really new to all this and so confused and overwhelmed.
You can create multiple tables in same database.just make a table with fields such as user id,password etc. and use it for saving,fetching user details using sql queries.
Could I just add this to my existing database?
Yes, you can tables to the existing database.
Do I really need more than 1 database on SQL for my website?
There are a lot of websites that use just one database. Some websites use connections to multiple databases. What information is stored in which database is frequently the result of factors other than the website. The ability to connect to multiple databases means that a website could use authentication/authorization info from one database, store user profiles and submissions in another, and read information from other sources (for example, historical stock prices, stored in another database.
All of that information could be stored in a single database. Having them as separate databases means that the databases can be managed separately (frequencye of backups, replication to DR site) and makes it easier to share the database across multiple applications. (For example, we would probably want employee payroll and health care information stored in a separate database, with separate access controls.
Could I add another SQL server direct on my computer and use both, Mine and the web host one where I'm creating the site to manage my website?
It may be technically possible to do that, but that's not the way you want to go. That would add another dependency... the website at the web hosting provider would be dependent on having access to another database, which is not being backed up and managed along with your website.

Visibility of databases in cloudbees?

I'm looking into using CloudBees for some application prototyping. I am using free accounts right now, I am not paying any subscriptions at the moment.
The first step for me is to create a MySQL database to host my application's data. I've done so (and it was pretty easy!). I also use Liquibase to manage the database (I've started this work using local H2 databases for the pre-prototyping), and I've been able to construct everything as expected.
As part of checking whether liquibase created the tables, I brought up the MySQL database in NetBeans. And, it did function well. But I can also see other schemas as well as the schema I just created. They're all innocently named (test, test_6hob). But, I can see the tables and view their data.
My question is around the visibility of the data that's in the CloudBees database. Is the database created for the free accounts viewable to other people connecting to the same machine? Does this change if I use a paid account? Or is it more the nature of how the database was created? I can see other schemas (and their data) but I have no idea if other people can see mine? Is there a permissions-aspect I need to ensure I set? I've fairly ignorant with the inner-workings of MySQL.
While this is a prototype, were I to move into using CloudBees for production applications, I wouldn't want the data to be visible to anyone who happened to connect to the same database as my application. It's entirely possible that I'm missing something in this new cloud world. :)
Thanks for any info
All CloudBees MySQL databases are secured separately (although will be in shared instances unless you have a dedicated server) - they are not readable by any other account by default.
However, it is possible for the database owner to grant access to users from other accounts on that same database server if you really wanted to - even though it makes very little sense to do so (and your special user configuration will be lost during a failover).
So this is what has happened for the test databases that you can see - the database owner has opened up security on those databases / tables.
This question is probably off topic but i'll bite anyway. The database data is private to your account. Actual hardware/vm's maybe shared but the data/database is not.

Best Place to House the .Net ASPNETDB Membership and Roles DB

I am currently developing a business application that will ultimately be hosted at a .Net hosting company. The hosting company provides 1 MSSQL DB (with 2 users) and an unlimited number of MySQL DBs. Purchasing a second MSSQL DB is out of the question as my boss doesn't want to pay any more for the hosting. I am trying to determine the best place to house the ASPNETDB for site authentication and roles.
My first thought was to take advantage of one of the MySQL DBs for this purpose but have noticed that it appears to take some hoop jumping to accomplish this option. Another option may be to keep the ASPNETDB in a Express DB file.
Finally, I have also thought about housing it in the MSSQL DB with the application tables. This option scares me because if I accidentally screw something up in the application, the ASPNETDB tables could be open to SQL injection. Of course, I will do my best to ensure this won't happen anyway, but would like to know I have that extra layer of security knowing it is housed in its own DB.
The hosting company does allow two MSSQL DB users, so this in theory would allow me to have one user dedicated to authentication and restrict the other user from being able to access the ASPNETDB tables all together.
As a fellow developer, what method would you recommend? Thanks in advance for your help.
Use the MSSQL DB and use the preconfigured ASP.NET Membership provider and Roles provider. This is the easiest method. Restrict Table level access and use only Stored Procedures.
Sounds like you are a bit green to this stuff, am I correct? Because of that dont create too many headaches for your self. Dont try to put it in mysql, thats a mistake. I know its free, but it was written to work with MSSQL. Yes, using the other user is a good idea. Just be sure to sanitize your inputs and use properties on your SQL statements or better yet use an ORM like entity framework or Linq to SQL at the least.

AIR application design

I would like to make some AIR application which would be used for tracking jobs inside a company.
The idea is to create some database which will handle all the data and, when other users form other computers modify data, it is always saved on that same 'server'.
So, more than one user can edit same database, and it would be great if all the data is constantly 'refreshed' (if one user edits and saves data, on other users' computer data is instantly updated). Application would be used only in local network.
I have some data in Excel, so I also wonder if AIR can handle it somehow? Or is it better to re-structure the whole db?
So, which kind of db should I use? I've read that AIR likes SQLite very much, which would be good because I work with MySQL...
Is AIR (in combination with SQLite) able to handle ALL my needs (working over network, sharing same db, refreshing data, creating server/client applications or something, etc.)?
Thank you very much for any thoughts!
m.
There's no restrictions on what database you can use. My advice would be to create an interface in PHP or ASP or whatever language you prefer (since the Database is on a server elsewhere, you'll need some sort of network connectivity anyway), and send all requests and modifications through that.