Connection to MySQL

[Huendin]

I figured out how to get my vb program to connect to my database. The problem I was having is that I didn't realize I had to go into cpanel and give my IP access to connect to the database. Alright, here's the new problem.

I'm trying to create vb.net login code that I will put into all of my applications I create. The goal is to, when the user opens up my program, have him have to get a successful login confirmation from a remote mysql database. The problem is that, right now, it seems that I have to manually add IP's to the access list just to let login to the database. I was wondering if I set up a wildcard in the access list that allows all IPs(which in turn would allow anyone using my program at least try to login), would that compromise a lot of security to databases?

I'm sorry if this is the wrong section to post this in.

[Smarter]

Well, first you should get the MySQL .NET Connector from http://dev.mysql.com/downloads/connector/net/.

Code Select Expand


public class Db
    {
        private MySqlConnection sql;
        private string connectionString;

        public Db(string server, string username, string password, string databasename)
        {
            connectionString = "server=" + server +
                ";persist security info=True;user id=" + username +
                ";password=" + password + ";database=" + databasename + ";";
            sql = new MySqlConnection(connectionString);
        }

        public string getString(string table, string column)
        {
            string query = "SELECT " + column + " FROM " + table;
            MySqlCommand cmd = new MySqlCommand(query, sql);
            MySqlDataReader rdr;
            sql.Open();
            rdr = cmd.ExecuteReader();
            string ret = "";
            while (rdr.Read())
            {
                ret = rdr.GetString(column);
            }
            rdr.Close();
            sql.Close();
            return ret;
        }

        public void setString(string table, string column, string value)
        {
            string query = "INSERT INTO " + table + " (" +
                column + ") VALUES('" + value + "')";
            MySqlCommand cmd = new MySqlCommand(query, sql);
            sql.Open();
            cmd.ExecuteNonQuery();
            sql.Close();
        }
    }
- A few DB Commands

Code Select Expand


            Db database = new Db(c.GetKey("sqlServer"), c.GetKey("sqlUsername"),
                c.GetKey("sqlPassword"), c.GetKey("sqlDatabaseName"));
            AddChat("Retrieving Clan Information...", Color.DarkOrange);
            AddChat("Clan Name: " + database.getString("config", "siteName"), Color.Lime);
            AddChat("Clan Website: " + database.getString("config", "siteAddress"), Color.Lime);
            AddChat("Clan Tag: " + database.getString("config", "clanTag"), Color.Lime);

Hope that helps.

[NicoQwertyu]

The problem is that, right now, it seems that I have to manually add IP's to the access list just to let login to the database. I was wondering if I set up a wildcard in the access list that allows all IPs(which in turn would allow anyone using my program at least try to login), would that compromise a lot of security to databases?

Yes, you can use a wildcard rather than specific IP addresses. Yes, allowing any IP address to access your server compromises security. However, that is how information security works; you need for find a balance between security and availability.

[Huendin]

Thank you very much for the extra commands Smarter. Yeah after a half an hour or so on google I finally figured out I needed that and got it installed.

..and yeah I think I'll compromise the security a bit. Thanks.

[Hell-Lord]

http://www.connectionstrings.com/?carrier=mysql

[Huendin]

So the Connector/Net only needs to be installed when coding this file. People that use the executable I'll create won't need to install it too, right?

[Hell-Lord]

No, you will need to distirbute it with your application.

[warz]

Yes, you can use a wildcard rather than specific IP addresses. Yes, allowing any IP address to access your server compromises security. However, that is how information security works; you need for find a balance between security and availability.

Thankfully this is possible with MySQL. Just create an account specifically for your application, which you should have done in the first place because I hope you're not coding your admin logon information into your application. Allow any host to connect using this account. Only give this account SELECT authorization.

[Huendin]

Yes, you can use a wildcard rather than specific IP addresses. Yes, allowing any IP address to access your server compromises security. However, that is how information security works; you need for find a balance between security and availability.

Thankfully this is possible with MySQL. Just create an account specifically for your application, which you should have done in the first place because I hope you're not coding your admin logon information into your application. Allow any host to connect using this account. Only give this account SELECT authorization.

Ahh I'll change that right now to only SELECT authorization

About that Connector/Net Installation..I thought all you had to do was provide a .dll. Is there anyway to get past having to have people, that use the .exe, install the connector/net?

[Smarter]

No, you will need to distirbute it with your application.

Are you positive? I believe you ran my Nerve app and that coding I posted is in that app, and it uses MySQL Connector.

[Huendin]

No, you will need to distirbute it with your application.

Are you positive? I believe you ran my Nerve app and that coding I posted is in that app, and it uses MySQL Connector.

He probably had the connector installed. I'm guessing the DLL in the bin folder substitutes for people having to install the whole thing.

[Huendin]

Oh yeah. Putting "MySql.Data.dll" in a bin folder, that's in the same directory fixed the issue of having to have people install the whole thing. I don't know if anyone cares. You probably all knew this, but I'm happy I figured it out lol.