.NET Platform | Connection to MySQL

Author	Message	Time
Huendin	I figured out how to get my vb program to connect to my database. The problem I was having is that I didn't realize I had to go into cpanel and give my IP access to connect to the database. Alright, here's the new problem. I'm trying to create vb.net login code that I will put into all of my applications I create. The goal is to, when the user opens up my program, have him have to get a successful login confirmation from a remote mysql database. The problem is that, right now, it seems that I have to manually add IP's to the access list just to let login to the database. I was wondering if I set up a wildcard in the access list that allows all IPs(which in turn would allow anyone using my program at least try to login), would that compromise a lot of security to databases? I'm sorry if this is the wrong section to post this in.	April 13, 2008, 5:55 AM
Smarter	Well, first you should get the MySQL .NET Connector from http://dev.mysql.com/downloads/connector/net/. [code] public class Db { private MySqlConnection sql; private string connectionString; public Db(string server, string username, string password, string databasename) { connectionString = "server=" + server + ";persist security info=True;user id=" + username + ";password=" + password + ";database=" + databasename + ";"; sql = new MySqlConnection(connectionString); } public string getString(string table, string column) { string query = "SELECT " + column + " FROM " + table; MySqlCommand cmd = new MySqlCommand(query, sql); MySqlDataReader rdr; sql.Open(); rdr = cmd.ExecuteReader(); string ret = ""; while (rdr.Read()) { ret = rdr.GetString(column); } rdr.Close(); sql.Close(); return ret; } public void setString(string table, string column, string value) { string query = "INSERT INTO " + table + " (" + column + ") VALUES('" + value + "')"; MySqlCommand cmd = new MySqlCommand(query, sql); sql.Open(); cmd.ExecuteNonQuery(); sql.Close(); } }[/code] - A few DB Commands [code] Db database = new Db(c.GetKey("sqlServer"), c.GetKey("sqlUsername"), c.GetKey("sqlPassword"), c.GetKey("sqlDatabaseName")); AddChat("Retrieving Clan Information...", Color.DarkOrange); AddChat("Clan Name: " + database.getString("config", "siteName"), Color.Lime); AddChat("Clan Website: " + database.getString("config", "siteAddress"), Color.Lime); AddChat("Clan Tag: " + database.getString("config", "clanTag"), Color.Lime);[/code] Hope that helps.	April 13, 2008, 7:04 AM
NicoQwertyu	[quote]The problem is that, right now, it seems that I have to manually add IP's to the access list just to let login to the database. I was wondering if I set up a wildcard in the access list that allows all IPs(which in turn would allow anyone using my program at least try to login), would that compromise a lot of security to databases?[/quote] Yes, you can use a wildcard rather than specific IP addresses. Yes, allowing any IP address to access your server compromises security. However, that is how information security works; you need for find a balance between security and availability.	April 13, 2008, 7:08 AM
Huendin	Thank you very much for the extra commands Smarter. Yeah after a half an hour or so on google I finally figured out I needed that and got it installed. ..and yeah I think I'll compromise the security a bit. Thanks.	April 13, 2008, 8:14 AM
Hell-Lord	http://www.connectionstrings.com/?carrier=mysql	April 13, 2008, 8:23 AM
Huendin	So the Connector/Net only needs to be installed when coding this file. People that use the executable I'll create won't need to install it too, right?	April 13, 2008, 8:29 AM
Hell-Lord	No, you will need to distirbute it with your application.	April 13, 2008, 1:07 PM
warz	[quote author=NicoQwertyu link=topic=17439.msg177605#msg177605 date=1208070486] Yes, you can use a wildcard rather than specific IP addresses. Yes, allowing any IP address to access your server compromises security. However, that is how information security works; you need for find a balance between security and availability. [/quote] Thankfully this is possible with MySQL. Just create an account specifically for your application, which you should have done in the first place because I hope you're not coding your admin logon information into your application. Allow any host to connect using this account. Only give this account SELECT authorization.	April 13, 2008, 3:20 PM
Huendin	[quote author=betawarz link=topic=17439.msg177615#msg177615 date=1208100007] [quote author=NicoQwertyu link=topic=17439.msg177605#msg177605 date=1208070486] Yes, you can use a wildcard rather than specific IP addresses. Yes, allowing any IP address to access your server compromises security. However, that is how information security works; you need for find a balance between security and availability. [/quote] Thankfully this is possible with MySQL. Just create an account specifically for your application, which you should have done in the first place because I hope you're not coding your admin logon information into your application. Allow any host to connect using this account. Only give this account SELECT authorization. [/quote] Ahh I'll change that right now to only SELECT authorization :P About that Connector/Net Installation..I thought all you had to do was provide a .dll. Is there anyway to get past having to have people, that use the .exe, install the connector/net?	April 13, 2008, 8:59 PM
Smarter	[quote author=Hell-Lord link=topic=17439.msg177613#msg177613 date=1208092025] No, you will need to distirbute it with your application. [/quote] Are you positive? I believe you ran my Nerve app and that coding I posted is in that app, and it uses MySQL Connector.	April 14, 2008, 2:11 AM
Huendin	[quote author=Smarter link=topic=17439.msg177635#msg177635 date=1208139110] [quote author=Hell-Lord link=topic=17439.msg177613#msg177613 date=1208092025] No, you will need to distirbute it with your application. [/quote] Are you positive? I believe you ran my Nerve app and that coding I posted is in that app, and it uses MySQL Connector. [/quote] He probably had the connector installed. I'm guessing the DLL in the bin folder substitutes for people having to install the whole thing.	April 14, 2008, 3:20 AM
Huendin	Oh yeah. Putting "MySql.Data.dll" in a bin folder, that's in the same directory fixed the issue of having to have people install the whole thing. I don't know if anyone cares. You probably all knew this, but I'm happy I figured it out lol.	April 14, 2008, 3:32 AM

Author

Message

Time

Huendin

I figured out how to get my vb program to connect to my database. The problem I was having is that I didn't realize I had to go into cpanel and give my IP access to connect to the database. Alright, here's the new problem.

I'm trying to create vb.net login code that I will put into all of my applications I create. The goal is to, when the user opens up my program, have him have to get a successful login confirmation from a remote mysql database. The problem is that, right now, it seems that I have to manually add IP's to the access list just to let login to the database. I was wondering if I set up a wildcard in the access list that allows all IPs(which in turn would allow anyone using my program at least try to login), would that compromise a lot of security to databases?

I'm sorry if this is the wrong section to post this in.

April 13, 2008, 5:55 AM

Smarter

Well, first you should get the MySQL .NET Connector from http://dev.mysql.com/downloads/connector/net/.

[code]
public class Db
{
private MySqlConnection sql;
private string connectionString;

public Db(string server, string username, string password, string databasename)
{
connectionString = "server=" + server +
";persist security info=True;user id=" + username +
";password=" + password + ";database=" + databasename + ";";
sql = new MySqlConnection(connectionString);
}

public string getString(string table, string column)
{
string query = "SELECT " + column + " FROM " + table;
MySqlCommand cmd = new MySqlCommand(query, sql);
MySqlDataReader rdr;
sql.Open();
rdr = cmd.ExecuteReader();
string ret = "";
while (rdr.Read())
{
ret = rdr.GetString(column);
}
rdr.Close();
sql.Close();
return ret;
}

public void setString(string table, string column, string value)
{
string query = "INSERT INTO " + table + " (" +
column + ") VALUES('" + value + "')";
MySqlCommand cmd = new MySqlCommand(query, sql);
sql.Open();
cmd.ExecuteNonQuery();
sql.Close();
}
}[/code]
- A few DB Commands

[code]
Db database = new Db(c.GetKey("sqlServer"), c.GetKey("sqlUsername"),
c.GetKey("sqlPassword"), c.GetKey("sqlDatabaseName"));
AddChat("Retrieving Clan Information...", Color.DarkOrange);
AddChat("Clan Name: " + database.getString("config", "siteName"), Color.Lime);
AddChat("Clan Website: " + database.getString("config", "siteAddress"), Color.Lime);
AddChat("Clan Tag: " + database.getString("config", "clanTag"), Color.Lime);[/code]

Hope that helps.

April 13, 2008, 7:04 AM

NicoQwertyu

[quote]The problem is that, right now, it seems that I have to manually add IP's to the access list just to let login to the database. I was wondering if I set up a wildcard in the access list that allows all IPs(which in turn would allow anyone using my program at least try to login), would that compromise a lot of security to databases?[/quote]

Yes, you can use a wildcard rather than specific IP addresses. Yes, allowing any IP address to access your server compromises security. However, that is how information security works; you need for find a balance between security and availability.

April 13, 2008, 7:08 AM

Huendin

Thank you very much for the extra commands Smarter. Yeah after a half an hour or so on google I finally figured out I needed that and got it installed.

..and yeah I think I'll compromise the security a bit. Thanks.

April 13, 2008, 8:14 AM

Hell-Lord

http://www.connectionstrings.com/?carrier=mysql

April 13, 2008, 8:23 AM

Huendin

So the Connector/Net only needs to be installed when coding this file. People that use the executable I'll create won't need to install it too, right?

April 13, 2008, 8:29 AM

Hell-Lord

No, you will need to distirbute it with your application.

April 13, 2008, 1:07 PM

warz

[quote author=NicoQwertyu link=topic=17439.msg177605#msg177605 date=1208070486]
Yes, you can use a wildcard rather than specific IP addresses. Yes, allowing any IP address to access your server compromises security. However, that is how information security works; you need for find a balance between security and availability.
[/quote]

Thankfully this is possible with MySQL. Just create an account specifically for your application, which you should have done in the first place because I hope you're not coding your admin logon information into your application. Allow any host to connect using this account. Only give this account SELECT authorization.

April 13, 2008, 3:20 PM

Huendin

[quote author=betawarz link=topic=17439.msg177615#msg177615 date=1208100007]
[quote author=NicoQwertyu link=topic=17439.msg177605#msg177605 date=1208070486]
Yes, you can use a wildcard rather than specific IP addresses. Yes, allowing any IP address to access your server compromises security. However, that is how information security works; you need for find a balance between security and availability.
[/quote]

Thankfully this is possible with MySQL. Just create an account specifically for your application, which you should have done in the first place because I hope you're not coding your admin logon information into your application. Allow any host to connect using this account. Only give this account SELECT authorization.
[/quote]

Ahh I'll change that right now to only SELECT authorization :P

About that Connector/Net Installation..I thought all you had to do was provide a .dll. Is there anyway to get past having to have people, that use the .exe, install the connector/net?

April 13, 2008, 8:59 PM

Smarter

[quote author=Hell-Lord link=topic=17439.msg177613#msg177613 date=1208092025]
No, you will need to distirbute it with your application.
[/quote]

Are you positive? I believe you ran my Nerve app and that coding I posted is in that app, and it uses MySQL Connector.

April 14, 2008, 2:11 AM

Huendin

[quote author=Smarter link=topic=17439.msg177635#msg177635 date=1208139110]
[quote author=Hell-Lord link=topic=17439.msg177613#msg177613 date=1208092025]
No, you will need to distirbute it with your application.
[/quote]

Are you positive? I believe you ran my Nerve app and that coding I posted is in that app, and it uses MySQL Connector.
[/quote]

He probably had the connector installed. I'm guessing the DLL in the bin folder substitutes for people having to install the whole thing.

April 14, 2008, 3:20 AM

Huendin

Oh yeah. Putting "MySql.Data.dll" in a bin folder, that's in the same directory fixed the issue of having to have people install the whole thing. I don't know if anyone cares. You probably all knew this, but I'm happy I figured it out lol.

April 14, 2008, 3:32 AM

Valhalla Legends Forums Archive | .NET Platform | Connection to MySQL