The panel I used was under Remote MySQL in cPanel, not in the MySQL database section. Would adding myuser@% work? Or should it just be %?
The default one in there (which I used as an example of how to do it) was xxx.xxx.x.%.
I'll try just % sometime. In fact, do I even need to do this if I'm using a web service? I don't think so.
Since the only MySQL client you want is from your PHP, which is running locally, definitely do *not* allow other IPs to connect!
http://mydomain.com/web-service.php?user=myuser&pass=mypass
So, how would I prevent users from navigating there? And just manipulating it via the URL to check if a username exists, that could be bad, very bad.
Simply put, you can't. However, if you are just returning a plain "true" or "false", an attacker would not know if the username or the password was incorrect, so you aren't exactly giving away usernames.
Also, you can pass in a token/pseudo-private key. What I have done before is send the md5 output of their IP address, or the date, or something specific to that connection, and usually send it through a strrev or something. This just makes it more difficult for someone to reverse engineer your web service. Get creative!
You can also look at basic encryption and encrypt (not hash, like md5!) the username and password before sending.
I've written my web service now. I'm just curious what I have to do to return the result?
echo!
Is the line "sText = sResponse.ReadToEnd()" returning the HTML content output on the page?
Yes, but since you are sending just plain text, you won't get any HTML.
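
The per-request token and the plain "true"/"false" reply discussed in this thread, written out as an added example that is not code from any of the posters; it uses an HMAC over a timestamp with a shared secret in place of the md5/strrev idea. The secret, the field names (user, pass, ts, token) and the sample user are assumptions made for illustration.

```php
<?php
// Added example. SHARED_SECRET, the field names and the sample user are assumptions.
const SHARED_SECRET = 'replace-with-a-long-random-value'; // also held by the client
const MAX_SKEW = 300; // seconds a token is accepted for

// The client computes the same value: HMAC-SHA256 over "timestamp|user".
function make_token(string $user, int $ts): string {
    return hash_hmac('sha256', $ts . '|' . $user, SHARED_SECRET);
}

function token_is_valid(string $user, int $ts, string $token, int $now): bool {
    if (abs($now - $ts) > MAX_SKEW) {
        return false; // stale timestamp: limits how long a captured request can be replayed
    }
    return hash_equals(make_token($user, $ts), $token); // constant-time compare
}

function check_credentials(string $user, string $pass): bool {
    static $store = null, $dummy = null;
    $store ??= ['myuser' => password_hash('mypass', PASSWORD_DEFAULT)]; // constructed sample user
    $dummy ??= password_hash('unused', PASSWORD_DEFAULT);
    $known = isset($store[$user]);
    // Unknown users are checked against a dummy hash so both failures take the same work.
    $match = password_verify($pass, $known ? $store[$user] : $dummy);
    return $known && $match;
}

// Every failure returns the same plain-text "false".
function handle_request(array $post, int $now): string {
    foreach (['user', 'pass', 'ts', 'token'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return 'false';
        }
    }
    $ok = token_is_valid($post['user'], (int) $post['ts'], $post['token'], $now)
        && check_credentials($post['user'], $post['pass']);
    return $ok ? 'true' : 'false';
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
    echo handle_request($_POST, time()); // POST body keeps credentials out of URLs and access logs
} else {
    $now = time(); // command-line demo with constructed requests
    $req = ['user' => 'myuser', 'pass' => 'mypass', 'ts' => (string) $now, 'token' => make_token('myuser', $now)];
    echo handle_request($req, $now), "\n";                        // valid request
    echo handle_request(['pass' => 'wrong'] + $req, $now), "\n";  // wrong password
    echo handle_request(['user' => 'nobody'] + $req, $now), "\n"; // unknown user, token no longer matches
    echo handle_request($req, $now + 3600), "\n";                 // same request replayed an hour later
}
```

A secret shipped inside a client program can be extracted from it, so the token raises the effort needed to call the service from elsewhere; the password check remains the actual authentication.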