Database not only local machine but available to anyone? - database

I need some advice regarding which database I should use.
I want to create a web application in Java EE and I need a database for storing some information.
I want to make it available not only from my personal computer. The Java code will be simple exported, but what should I do regarding the database?
Which database should I use in order to make it available to anyone?

Just about any modern, client/server dbms will work. If I were in your shoes, I'd try PostgreSQL first. The online docs have a full chapter on server configuration. Pay particular attention to "Connections and authentication".
Often a remote user will connect to an application (a web page, for example), and that application will connect to the database. Usually the application and the dbms run on different servers, in which case the dbms will accept connections only from localhost (for maintenance), the local area network (for company internal use), and from the application server.
Do some research before you decide to let the dbms accept connections from every IP address on Earth; that's a little risky.

Related

How is my MongoDB database secured from overwrite attacks?

I am a beginner React Native developer and am wondering how my MongoDB database (or databases in general) is secured from overwrite attacks. The way I understand is that users (clients) cannot see my code directly, but if they do see part of it (e.g. the server address) then they could write scripts and create actions themselves, overwriting my database. How is this prevented in practice? And, is it possible for clients to do see my code? I know there are 'private servers' in some MMORPGs so surely there must be a way to find out about the secret sauce (i.e. the application)?
if they do see part of it (e.g. the server address) then they could write scripts and create actions themselves, overwriting my database.
If you have basic security setup, they cannot write and read any data from your database.
Firstly, you must use authentication and configure permissions for each user. You also can use firewall for connections.
Scenario: servers are in the same data center
If your servers in the same data center, you can connect all servers with an internet protocol. Thus, the hacker/user cannot reach your database from outside since your servers are already communicating between them. (For that situation, you'd connect your database from local ip.)
Scenario: servers are not in the same data center
In this situation, you'd configure your firewall and open only specific ip addresses. If you want to make it harder, you can code RESTapi for your project. Thus, you only need to use special tokens for each request by servers.
Generally, MMORPG games are using separated setups for each continent. They basically use local network for communication but of course ,they are using more complex system compared to what I said.

What method is best for creating a online web accessible database?

I have been looking for a way to put a database like an microsoft access relational database shared among many people. You used to be able to create a web app but that's no longer supported.
I've heard powerapps is a solution but it looks like it is to be used only by phones or tablets?
I already have a office 365 account with access to multiple applications. Is there anything that can be used to create what I am asking using those services?
Or do I need to look into SQL databases?
You are correct that classic Microsoft Access is not web/browser based (after an attempt was stopped by Microsoft).
A browser based web database requires a back end database that supports the front end web server. In the Microsoft family that would be SQL Server behind IIS. This is all mainstream stuff - but an order of magnitude more complicated than classic Access. There are of course competing brands besides Microsoft - the most well known being the LAMP stack.
There exists a group of web database services, as an alternative: Knack, QuickBase, Zoho, etc. With these one must live with the User Interface and feature set they offer.
For a windows application (i.e. Access) with geographically separated users one would rely on the terminal services technology by deploying a Remote Desktop Server. This is primarily oriented towards internal users - not public facing.

How to get at the database schema of a hidden DB?

My customer is a dental practice that has bought a piece of practice management software. This software was installed on their local server, including a patient database, a schedule and all manner of medical records. Now they want me to write some utilities for them that aren't provided with their package, and for this I need the ability to query this database.
I tried calling tech support of the software manufacturers (Patterson/EagleSoft), and it's difficult finding anyone who understands the technology enough to answer my questions. As far as I can tell, there's no API for their software, and understandably they're reluctant to tell me how to query the DB directly, programmatically. They do have an interactive query window, but obviously that's no good for writing automated queries. All that they would let on is that somewhere there's a SQL Server DB, but the ODBC drivers to connect to it are SQL Anywhere drivers (huh?).
So I searched around on the server and couldn't find any database files. Then I discovered that the installation creates some kind of proprietary virtual machine, which is only visible to the EagleSoft software. But while they've been very good at insulating their DB in layers of obfuscation, they have left open an ODBC driver, which is indeed an SQL Anywhere connection.
Now after that fascinating and lengthy preamble, here is my question: What queries can I run over this ODBC connection to interrogate the DB as to its structure? If it's a SQL Server DB underneath I could use the sysobjects table, but I don't fully grasp how you can use a SQL Anywhere ODBC connection to connect to a MSSQL DB. And If they were misinforming me and it really is a SQL Anywhere DB underneath, what are the queries to run to get at the DB structure?
And if there's anyone else out there who's ever succeeded in actually querying EagleSoft (or any similar proprietary package) - please tell me how you did it!
Turns out the simplest way to do it was to write a little app using OdbcDbConnection, and connect using the DSN installed with the software. It took one probing 'select * from sysobjects' to reveal that it is, indeed a MS-SQL database underneath all that, and I'm good to go from there!
I'd use a tool like squirel which is great at browsing any database to check if anyone was successful with "SQL Anywhere" this google result:
http://blog.gmane.org/gmane.comp.db.squirrel-sql.users/month=20091001
Shows that others have managed to get squirrel to do this. It's quite easy to use... assuming of course you manage to get the connection working!
A few tools that might help are SQLWorkbench and Django. I use SQLWorkbench to copy the data from the production system into a Postgres database so I can hack on it without damaging the production environment. Then I use Django's inspectdb to generate models of the database environment. From there it's easy to create 'views' into the database and templates to display exactly what I want.
UPDATE: As of Eaglesoft 19, it looks like Patterson has password protected the database and they have gone out of their way to prevent users from getting at the data without paying them for access.
UPDATE: Like I mentioned before, Eaglesoft 19 has a locked-down version of the database. For read-only access you can call Patterson and ask them for the password to the "Database Admin" section of their "Technical Reference" tool that is installed on your server. Once you are in there, there's an option to set a read-only password for access to the database. The username is 'dba' and whatever password you set. Some times it takes a bit of back-and-forth with them to give you access, but my solution was to say "We've been putting patient data into Eaglesoft for over a decade and we've always had access to the database. Now you're restricting it and telling us we have to pay for access. It sounds like you are trying to extort money by holding our data hostage. I should probably run this by our legal team."
EDIT: Nov 18 2022: You can still easily get read-only access to an Eaglesoft database in 21.20.08 (the latest version) by calling Patterson and getting the "day password" for Technical Reference. From there you can enable a read-only user. Based on some of the changes Patterson is making to their application architecture and the database, I suspect they will stop using direct connections to the database in the next year or two. When they make that change, you will only be able to access the database through their API Server. After playing "phone tag" with one of their salesbros for several weeks and doing some light social engineering, I managed to get their price list for going through the API server. It's atrocious. Most offices pay ~$500/mo to Patterson for free tech support and free upgrades. They want developers to pay nearly as much per office for access to the API. They've realized they can lock practices out of their own data and monetize it. We are working with a company that is actively developing a replacement for Eaglesoft to get away from this horrible vendor lock-in.
I have written my own PHP driven website to access and manipulate data in my eaglesoft database. You simply create odbc connection to local DNS entry and done. To see database structure you can use the technical reference included in eaglesoft or advanced query tool.

Using SQL Server for WSS 3.0 instead of Windows Internal database

There are actually two related questions:
is it possible or advisable to use a full blown stand-alone SQL server for SharePoint Services WSS3.0 instead of the supplied windows internal database it comes with? The client I am working for is asking to utilize their existent SQL server for all WSS content databases to possibly minimize admin effort and improve performance.
As well, would you advise to install WSS on one physical server and the content database on another server? Any gain in performace? Practicality? ect. The default is WSS and all of its databases are installed on the same single server. We don't really need a farm setup of MOSS, because the WSS capabilities are enough for our needs.
Thanks,
Val
Yes, when you create the site check the installation to be a "Web Front End" It will then prompt you to select a location for the SQL database. Just point it to which server you want.
I would definitely recommend putting it on a non-Sql Express instance. The express version only scales to 4 gig, limits the maximum number of connections etc. If your client is going to do much with it at all, you will eventually hit that limit. Full blown sql server has other advantages too, like help with backups etc.
Yes and yes.
Keeping the SQL and WSS servers separate saves resources on both, and neither are light weight applications. It also allows you to easily begin clustered/distributed environment in the event your usage increases, as well as following a least privledge principle, keeping product patches separate, etc.
As an addendum, you say you don't need a MOSS farm because WSS fits your needs, but be aware that it's just as easy to setup a distributed WSS environment as is MOSS; MOSS only adds capabilities to the application. It's usually a good idea to have at least two WFE's in the farm, if for nothing else than redundancy in case of failure.
Yes you can use a 'full blown' SQL Server instead of the the free and limited SQL Server Express that is delivered with Windows SharePoint Services 3.0 (wss 3.0)
It's even better to separate the database and the actual website! More scalable (if you upgrade to MOSS), easier to manage and less security risks.

Use a own instance for SqlServer Express?

I'm currently developing an application that needs to store data in it's on database, I'm currently using SQL Server Express 2005 with Advanced Services (because we need full text search capabilities).
Local company lore says there have been all sorts of strange problems some years ago when two products used MS SQL Server with the default instance and they had interesting times cleaning everything up into making each application use a named instance.
As I can't remember the exact problems they had ... is it advisable for an application that has to run in a stable way without interference from some other application to have its database in its own named instance? If so, why? What additional isolation does that grant me as opposed to attaching the database to the default instance (or even use a watchacallit - user instance? - where you specify the mdb file location in the connection string).
Update:
The main concern I have is not performance/CPU - I'm talking about an application that manages Persons/Guests at the front desks of large organizations, think a hotel for example. I think even SQLite could easily handle the amount of data I need (disregarding some features like fulltext search).
My main concern is Customers installing stuff that interferes. From Mitchell's Answer and John's comment from it I think it is advisable to stay in a named instance - but if you have more reasons for that, please voice them.
A few things.
Using attached databases (User instance dbs) are a royal PITA for administrators to manage, as they must be attached to be accessible from SSMS and more.
Putting individual applications on their own named instances of SQL Server will create individual processes for each application, isolating resources and memory spaces for each.
Is it really necessary for each application to have its own instance of SQL Server? No, I would say typically it is not, unless it is truly 100% mission critical, however, if it is that critical, I would be surprised if it is running SQL Express.
I would recommend though from a maint. perspective that you use a standard database, rather than a user instance.

Resources