Slightly different database question today:
I am interested in online, remote database for my Android Apps
Is there anywhere (cheap/free) that I can use, or do I have to set up my own (I have a domain/website)
I know about Firebase, but that is NoSQL/document-database.
@ArmouredWizard Easy enough to set up your own. I'm using PostgreSQL under Linux.
Since it's already talking over a socket connection to the application program, remote access is just a matter of opening a port in the firewall and having a password.
In PostgreSQL there's a line in the pg_hba.conf file that enables remote connections:
IPv4 remote connections allowed from specified systems:
@AGMS00 I'm sure it would be easy if I knew 1/2 of those words!
I have set up a MySql on my domain before, accessed through php, but it was a while ago, and I didn't understand it back then!
I don't know if my host has postgres, or if it can be installed.
I am also wary about security concerns (I've seen too many problems with "oh, it'll be fine" !)
@ArmouredWizard MySQL should be a similar level of difficulty / easiness to set up.
Yes, there are security worries, so have passwords and separate database users (with limited permissions) for each App you write.
Anyway, there should be tutorials online for setting up MySQL / PostgreSQL etc. It helps if you control the server so you can adjust server firewalls etc. And of course, access to the router for port forwarding.
@AGMS00 I think you're still talking a couple of levels above where I'm currently at. Or we're talking about different things.
I write Apps for Android phones. I would like a publicly-available App that people can use to access a database. (for RPG/D&D character sheets and notes).
I pay for domain hosting, but am not sure what access I have/need for this.
What router?
@ArmouredWizard Oh, if you're using domain hosting by someone else, then they do the work of installing the database software and fiddling with firewalls and routers. I thought you were running your own server hardware. Paid services like https://www.heroku.com/postgres offer that.
You just get a database "user" and password, and can log on to create more sub-users, database tables, etc. There are even GUIs for that like phpMyAdmin for MySQL, pgAdmin for PostgreSQL, saving you from typing in SQL.
@ArmouredWizard Once you have that working, the same network connection that phpMyAdmin uses, is usable by your app to do SQL operations.
So it's convenient to try out queries in the GUI provided by phpMyAdmin, then once the SQL is perfected, use them in your app. Though use a sub-user with limited permissions in your app, in case someone hacks it.
@AGMS00 Will need to investigate how to get app to talk to it.
And if that's more, or less, trouble than using something else (someone recommended supaBase)
@ArmouredWizard Usually there's a library for database access already in your favourite language.
Under Windows, I used ODBC https://en.wikipedia.org/wiki/Open_Database_Connectivity in C++ where it was a matter of opening a connection object (specify network address, user, password), then doing queries and getting results returned.
Ruby on Rails is built around databases, so it's just a line in a config file with the address/user/password of the database, and the tables automatically appear as magic objects with query APIs.
@ascherbaum@ArmouredWizard Create a database sub-user for each registered user? Then all the pirates stomp on each other’s data if they use the same registration.
@AGMS00@ArmouredWizard Don't give the app direct access to the database, in the end that is hard to manage. Have some kind of access layer in front of it, if you really want to give the app direct database access. That layer is doing the authentication.
@ascherbaum@ArmouredWizard PostgreSQL has a pretty comprehensive database user permissions and an authentication system. And are putting some effort into security, https://www.postgresql.org/support/security/ Possibly safer from the security point of view to use it than write your own layer. Faster execution too. Though it means you have to keep track of database users tied to real users.
I haven't seen enough of MySQL and other databases to have an opinion about their security.
Registered users send in an e-mail address, the app vendor sends back a userid (or just use the e-mail) and password that the end user can use in the app.
At the same time, that userid is added to the database's list of users allowed access to things. Read only for global stuff like templates. Write access to a custom per-end-user table where they can save their stuff.
@AGMS00@ArmouredWizard You are still allowing an user into the database, with unfettered access. This is a recipe for denial of service, as the user can run an unlimited number of queries. At a minimum, you attract all kind of #crypto "users" which will abuse this for mining.
Guess why no one else is providing such a "service".
Add comment