Sign in to follow this  
levjs

[web] More(hopefully last) SQL Problems

Recommended Posts

levjs    466
Hi, So I've got the C MySQL up and running, and I'm almost done with this whole mess of a project, but now I'm running into some trouble. What I want to be able to do, is connect to a SQL server on my site http://www.backyardproductions.org/ hosted by OLM.net from my customers computer. Now, the problem is, I can't seem to get the host right. I'm using mysql_real_connect, and for the host I've tried a mutliple thing of things, and none of them work. When I put "backyardproductions.org", I get an erorr: Access denied for user username@adsl-074-229-240-227.sip.bhm.bellsouth.net(bellsouth is my ISP). Does anyone know of something I should try, or if there is a different way to connect remotely? Thanks so much. Levi [Edited by - levjs on May 17, 2006 10:14:35 AM]

Share this post


Link to post
Share on other sites
Terlenth    300
You more than likely have to download the driver that allows remote connection of SQL statements, though that wouldn't necessarily explain the error.

Is the SQL server on your website set up to receive connections?

Share this post


Link to post
Share on other sites
Terlenth    300
Well if it is set up on a Windows Server then there is normally a graphical setup that you go through that will have the options, you then need to run the server to get it to run.

On a linux server is a little more difficult to set up, you need to specify a number of option (I can't remember off hand, but will look it up if I can find it) and then again will have to run it.

The key thing is that it has to be actually running in the background to be accessed (unless I'm missing a specific kind of way). I'm also somewhat assuming you are using MySQL as the server?

Share this post


Link to post
Share on other sites
evolutional    1393
Ask your host the IP address of the MySQL server and connect to that. You'll probably need to authenticate with the User/pass they give you (usually the same as your hosting account).

Share this post


Link to post
Share on other sites
levjs    466
Ok, I contacted my host, and they set it up for remote access(it is disabled by default). So now it's working. One more question. This is a C++ program I'm going to distribute to my customers. Obviously, the password and username to my account has to be in the code. My question is, is there anyway somebody could decompile it and get my password? Thanks
Levi

Share this post


Link to post
Share on other sites
Terlenth    300
Quote:
Original post by levjs
Ok, I contacted my host, and they set it up for remote access(it is disabled by default). So now it's working. One more question. This is a C++ program I'm going to distribute to my customers. Obviously, the password and username to my account has to be in the code. My question is, is there anyway somebody could decompile it and get my password? Thanks
Levi

The answer is yes. That is if they know what to look for, from everything I've seen decompilers are hard to decode variables at best.

If you are worried, see if you can make it so that there is only access to the server's database.

Edit: Here's a presentation that was from my Software Engineering class on Reverse Engineering, it talks about decompilers a little. It is not very indepth explaination, but it gives you an idea.

Presentation

[Edited by - Terlenth on May 18, 2006 9:13:51 AM]

Share this post


Link to post
Share on other sites
levjs    466
Quote:
Original post by Terlenth
Quote:
Original post by levjs
Ok, I contacted my host, and they set it up for remote access(it is disabled by default). So now it's working. One more question. This is a C++ program I'm going to distribute to my customers. Obviously, the password and username to my account has to be in the code. My question is, is there anyway somebody could decompile it and get my password? Thanks
Levi

The answer is yes. That is if they know what to look for, from everything I've seen decompilers are hard to decode variables at best.

If you are worried, see if you can make it so that there is only access to the server's database.

Edit: Here's a presentation that was from my Software Engineering class on Reverse Engineering, it talks about decompilers a little. It is not very indepth explaination, but it gives you an idea.

Presentation


Ok, so basically, if they try hard enough, they can do it. I didn't quite get what you were saying here. Thanks
Quote:

If you are worried, see if you can make it so that there is only access to the server's database.



Share this post


Link to post
Share on other sites
Terlenth    300
What I meant was, that if you are worried about someone accessing something they shouldn't, see if you can set up a priveledges based login that only has priveledges to see the specific things you want it to.

That way the only thing that you may have to worry about is someone hacking the database and relevant files that the specific loging can access.

Share this post


Link to post
Share on other sites
markr    1692
Quote:
Original post by levjs
Ok, I contacted my host, and they set it up for remote access(it is disabled by default). So now it's working. One more question. This is a C++ program I'm going to distribute to my customers....


I think you should use a middle layer between the client app and the database. Put in something (typically a http-based layer) which only allows legal valid operations and does all relevant security checks etc.

Otherwise, you're asking for trouble handing out the connection details to the clients. Moreover, you'll get problems when you want to change the SQL password etc, you'll have to put a new version out to the clients.

Additionally, MySQL is probably not configured for encrypted access (it still encrypts the password). Cracking the password from the client is easy as someone can build a modified version of the MySQL client library and relink it against that (by replacing the DLL). Even if you use a static one, they can still attack it in various ways, and ultimately determine it.

It's a really good idea to use a HTTP (Ideally HTTPS) middle layer which limits the operations and ensures that everything is legitimate.

Mark

Share this post


Link to post
Share on other sites
levjs    466
Ok. The only problem is, how do I know whether or not it's been validated.

If I understand what you're saying, I should have the program call a script on my site(how would I do this?), and then the script logs in and checks to see if the registration code entered in the program is correct, then returns it to the original program. How can I get this kind of interaction between scripts?
Thanks alot.
Levi

Share this post


Link to post
Share on other sites
levjs    466
CGI Scripts! Ok, so I need to write some CGI Scripts. : ) Sweet! See you back here when I have more trouble. [smile]

Thanks alot.
Levi

Share this post


Link to post
Share on other sites
levjs    466
How do I call CGI scripts in C/C++ programs?

Also, I seem to be getting a 500 Internal Error when I'm trying to run them, not quite sure why. Error message: Premature end of script headers: [script].cgi I've set the right permissions. Currently googling for an answer, but any you have would be helpful.

EDIT: I'm uploading it in ASCII format(taking the code, copying it into wordpad, and saving as script.cgi). It's in C++.
Levi

[Edited by - levjs on May 18, 2006 3:51:00 PM]

Share this post


Link to post
Share on other sites
markr    1692
A CGI program needs to be executable on the server it's running on.

So if you've got something.cgi, it needs to be a valid executable.

This means, if it's written in C/ C++ , that it needs to be compiled on (or for) that platform.

It WILL NOT automatically compile it for you.

Of course on Unix you can use an executable with #! at the beginning to indicate which interpreter to use (e.g. #!/usr/bin/perl or whatever).

But on any platform you can use a binary executable, provided it is compiled correctly and works.

Mark

Share this post


Link to post
Share on other sites
mx    122
ANYWAY, if i were you, i would not run CGI script inside some webserver environment -- i would rather make up some custom protocol (eg. XML based) with some protocol specific details (eg, header consisting of type and data size) and then parsing in it on client/server side, forming something like RPC service.
you can then create the solution that perfectly suits your needs (and don't have to bother with http specific stuff)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this