i am creating an application with client-server architecture in java. What i am trying to achieve is a simple client-server architecture connected via LAN with a ethernet switch, the server is having a server module of application running and also having MySQL database, the clients do their processing and submit results on server database, database also used for authentication.
the Server would be the only machine in network that will be connected to WAN through any ISP, the IP address of server machine cannot be guaranteed to be static, in this condition how the clients may connect to the server database? As the IP address of server is fluid..
One more doubt is that i've to authenticate the clients also on the basis of there IP addresses (or it may also be physical MAC address, if simple to implement), i've a table in database that the server admin can update and stores the IP addresses of valid clients, now on connecting via LAN what will be the IP addresses allocated to the machines to be stored in database and will they be static? i've googled for this but did not found relevant answers...
I hope i am clear with my question .I am sorry if the question is not related to stackoverflow,but it contains programming with database and networking too.
Thanks.
As I see it you have a few separate problems:
1. The IP addresses on the client machine are probably NOT static - a very high proportion of users are allocated dynamic addresses by their ISPs
2. There is no way to reliably connect to your Server as it has no static IP address.
The first problem can be solved by using the MAC address as you suggest (although this is easy to spoof if an attacker wants to) or some locally stored access keys.
The second is much more difficult (and really the reason why we have static IP addresses) - you need to use a VPN or some kind of forwarding service which does have a fixed IP afaik.
Related
We currently have a Public API to be used by our Business' current and future clients. Due to flexibility purposes and capability for our client's systems to interface with ours, we currently have our MySQL Database IP and Port on Wild Card access so as to not encounter any restricted access issues.
Question is, due to security concerns, would it be possible to restrict the MySQL Database's Server IP and Port to not be accessed directly by third party clients but only via the Public API? My instinct says no, but I don't have much experience in the way of Public APIs nor Public Access.
When an API User sends a query on our database, does it identify it via the API Host's IP (our servers?), or via the Client Computer's IP?
Thanks!
It's considered a bad security risk to expose MySQL's port directly to external clients. MySQL supports TLS but doesn't enforce it by default. So you're at risk of unauthorized clients invading.
For this reason, it's much safer and more recommended to run your own API server, as you mentioned. The API server is the only one allowed to connect to MySQL. Typically network routing is configured to prevent any contact to the database server except from the API server.
MySQL would therefore know nothing about the client's IP address. As far as MySQL is concerned, your API server is the only IP address it knows about.
The client IP address would be known by your API server and http server, and if you have load balancers or firewalls, those too.
The "users" associated with your third-party clients aren't necessarily mapped to distinct users in the MySQL authentication system. Actually, it's more typical that the API server uses a single MySQL user to authenticate all clients. Once connected to the database, your code would look up the client's "user" as a further authentication step. In other words, you would store a table in your own database with user credentials, and you would implement code to check passwords and so on. This is distinct from MySQL's own authentication system.
Alternatively, you could write your API service to use SAML or Oauth2 or equivalent federated authentication. The API service would still need to authenticate to MySQL, but the client's identity would be provided by the Oauth2 authentication.
I'd like to know how to connect the client pc in a outside network for example a WAM network, i have my database in my pc and i use this like the server. I know how to connect mysql with another client computer inside the LAN network but i dont know how to do it like the other way.
if you don't understand something make me know.
PD: sorry for my english is my first question on a english forum
Ultimately it works exactly the same way - you need an IP address and a port to connect to your database on. You can either do this by setting up port-forwarding at the firewall on the network with the database server (basically, forward port 3306 to the LAN IP address), or by giving the database server a publicly available static IP and then opening port 3306 in any firewalls. Alternatively, you can set up a VPN to the network with the database server, and connect through this. If done right, the VPN option is much more secure.
However, you should ask yourself why you want to do this. Is your idea to have a client software that directly connects to the database? This is not a great design - it's usually better to have a backend database that is accessed via a frontend API (e.g. a RESTful API or similar). Among other benefits, this can give you much better (finer-grained) access control to the database.
Your MySql server should have a firewall rule to accept outside connection on MySql port (default is 3306). Best setup should allow connection from your clients WAN address only.
Then, your C# connector will be able to connect just the same as in LAN.
How to connect MYSQL Database of epizy.com (which is free database provider), to www.mydomain.co.in (which is purchased domain)
Can we connect it!
Have a look what the error is showing here
You need to have hosting first
If your website hosted and working with database on the free host you have mentioned, then you can connect your domain by changing the DNS A records, you will have an IP address which you can browse your website through, copy this IP address and then add it to the domain setting under A/AAAA Records in the DNS manager, after that you may need to wait up to 72 hours to see your website live on the new domain
There are certain free database hosting provider which provides remote access to their database.
Remote access here signifies all the requests made to the database are
originated from their own hosting server (eg, using their hosting
service for php, jsp etc) or any other hosting service provider.
But if remote access is not allowed means all request trying to connect database will be discarded if it's been made from other than their own servers.
So, irrespective of you correct ID and password to the database, you cannot connect to it remotely if blocked by the provider.
000webhost.com, comli.com are such providers for PHP based site
hosting, and, eatj.com is best for testing a Java hosted sites (but
for 11 days trial is only free) all above provider provides free
database hosting.
Turn on error reporting to know exactly what is going wrong.
Or change local host to the websites SQL server
You must have IP for free database provider then you can set this IP as your database HOST.
Also the remote access must be allowed by the server if it is not allowed you can not access your database from different server. Please ask your server support to enable it.
We have developed a client app and a server app. The client communicates with the server using the http protocol and sends some data to be processed by the server.
Our structure allow us to have the server installed anywhere. I can be on the same client network or even on the cloud.
When the server is hosted on the cloud, it makes sense asking the user for the server address (since it can change if the user wishes to) but it does not make sense when the server is on the same network that the client. Besides that, we are currently asking users to configure the server ip/name in order to connect to the server.
To avoid this (asking users for the address) I have developed a discovery service based on UDP. The client broadcasts a message that the server answer with its address. It does work on some cases, but it does not when the user has some kind of firewall, proxy or even an anti virus.
I have read a lot about discovery services, and the one that a like most is Bonjour.
So, the question is: what is the best way of discovering a server's IP when the server is on the same network that the client without being blocked by firewalls, proxies, etc?
You can keep your service purely local (in the intranet) and build on top of what you are using now by implementing hole punching. You can get past firewalls, but Im really not sure about AV software policies.
Or you can establish a well-known http-based discovery service in the internet.
A server comes alive, sends its (local) ip address to the discovery service (keeps sending keep-alives)
On startup, the client queries that discovery service, identifies the local subnet he is in, and gets back the local ip address of the server.
That of course creates a single point of failure in your system in that if the discovery service kicks the bucket, your clients cannot find servers. You can remedy that by replicating the service and/or introducing fallback mechanisms (like the purely local discovery you have), which you probably want to do anyway. The only problem you might have is the subnet identification, if computers in local subnets dont share external IP addresses (then it depends on what a local subnet is for you).
We have a building full of computers, each of these computers has a number of ODBC connections setup pointing at a MySQL server at a certain IP address.
We want to move this MySQL server to another machine and we are wondering if there is a way to set something up at the original IP address to redirect any ODBC connections pointed at port 3306 to the new machine.
Some background, both the old and new servers are Windows Server 2003. The MySQL server is part of a legacy system, we are replacing this with a SQL server but the MySQL needs to remain operational for the forseeable future.
The alternative is to spend a day going around each computer and amending the ODBC connection strings, which I will do if I need to but thought I would ask on here first.
Thanks
You have a few options, most of which are network related, not software.
In the future, consider using a hostname rather than an IP address for configuring your ODBC settings. This allows you to utilize DNS to resolve a hostname to any IP address that you want.
Besides that, MySQL proxy may be what you are looking for.