Re: SQL beginner help
- From: "justin" <justin.creasy@xxxxxxxxx>
- Date: 9 Feb 2007 07:43:17 -0800
On Feb 8, 6:32 pm, "Jon Slaughter" <Jon_Slaugh...@xxxxxxxxxxx> wrote:
I have SQL Express installed and I can access it using C# and SQL connection
manager but I'm confused on how to use this for my application.
What I want to do is host a database on a web server(which uses mysql) that
stores information for users.
I have no idea how SQL works except for a very basic understanding of
databases. What I was going to do was write a C# application that accessed
the database and let the usuer query the database that way. But now I'm
concerned about security and stuff.
A friend of mine told me that essentially I have to write an intermediate
server that sits between the SQL database server and the client so that the
client cannot ever get any direct access to the database. Is this true? If
so then how do I create such a program as it would require the isp to run
the program(which is highly doubful that they will?). It also seems like
twice the work as essentially it would just be a front end on the SQL
database.
Basically the database will just store information(obviously) and the user
will use some interface to access the information(which is about books). I
was thinking about using a web interface instead of an application since it
would be easier but I do need to access the clients computer and I don't
want to use java to do this.
Basically the database is for books sorta like CDDB but different than the
book information databases around now.
What I'm asking is how does one programmatically interface with an SQL
database? Obviously not through scripts and its usually done transparently
but I don't know if they are dynamically creating the scripts and sending it
directly to the server or if there is some other means?
Like when I access a webpage that displays information that obviously comes
from a database, is there a php or javascript that gets the information from
the sql database and displays it or does it go through some intermediate
server for security reasons?
The whole reason is simply that I don't want to have some users having full
access to the database and ruining it by adding wrong information or
deleting it. I want to keep track of which user did what so they can modify
what they have added but not change what someone else has done. I have no
idea if this is handled by SQL directly or if I have to write a front end to
do it? (and the front end is the only thing the clients see)
Thanks,
Jon
OK Jon, that was a lot of info, so I'll try to cover it all. I'm
coming from a very similar background, C# developer who had to learn
SQL databases to do some projects.
SQL Express will be good practice for you, but your final product will
not use it if the server you're connecting to has MySQL. I haven't
used MySQL before, but it shouldn't be a huge change to your code. You
will just use a different DataAdapter.
Now, as for how to create your product. It seems like a web interface
will be the easiest thing for you. It might not be as familiar as a C#
application, but it's better suited to your goals. The biggest thing I
got from your post is you need to balance the effort you're putting
into this and the functionality you need. You mention very specific
security needs. To have a user have control over things they add, but
not have control over items other people add is possible, but it is
significantly more security work.
In SQL Server you have security "groups" and users can join one or
more groups. So a certain group may have read + write access over one
table while another group only has read access. I do not know if this
is how it works in MySQL or not. To accomplish your goal of users
having access to only certain rows in a table is going to require some
server-side code outside of the group security to determine if the
user should be able to access a certain row.
If you decide to do a C# application instead of a web interface, you
do not HAVE to create code to run on the server, but in the end it
will be much more useful. If you don't, then each user who is running
your app will have to have security access to the instance of SQL
Server (again, could be different in MySQL). So you would either have
to have an account in the database for each user, or set up general
user accounts that the many users share (this can be done in code so
they wouldn't know their account details). Then in code you would make
a connection over the net to your database. If instead you're just
connecting to another app, and that app is handling all the
connections to the database then the security model is much simpler.
ok, I hope that helps. If it doesn't please post some response
questions. Sorry that I don't know anymore about MySQL, there might be
some better groups to post MySQL specific questions. Good luck!
.
- Follow-Ups:
- Re: SQL beginner help
- From: Jon Slaughter
- Re: SQL beginner help
- References:
- SQL beginner help
- From: Jon Slaughter
- SQL beginner help
- Prev by Date: disallowpagelocks and Optimizations Maintenance
- Next by Date: XML Index & Regular Index
- Previous by thread: SQL beginner help
- Next by thread: Re: SQL beginner help
- Index(es):
Relevant Pages
|
Loading
