How to access a database from localhost?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Easytime
    New Member
    • Nov 2012
    • 26

    How to access a database from localhost?

    Dear Brothers,

    Thank you all for your magnanimous support in this forum.
    I need you to help me again on some issues.

    1. Similarly, is it possible to have a database on a localhost(my pc) and it could be accessed through the web, without the database file physically stored on the WWW web server? If it is, how? Cos, I'm only using a paid hosted domain.
    I want to design a facebook-like app but I want to the user data to be stored on the localhost rather than being on the web which can be prone to hacking...Pleas e kindly help me these info.

    Thank you.
  • Atli
    Recognized Expert Expert
    • Nov 2006
    • 5062

    #2
    It's not really a big deal to allow remote access to a server on your local PC. However, as soon as you do it is no longer just a local server. It will be accessible from the web, and unless you are pretty good at managing such things, you are just as (if not more) likely to get hacked.

    Note also that when database servers are hosted on the same server as the HTTP server, or on a closed network, which is usually the case with paid hosts, then they are far less likely to be hacked than database servers open to remote traffic. You'd do better to use the database provided by your host.

    Comment

    • Easytime
      New Member
      • Nov 2012
      • 26

      #3
      Ok...but assuming I have decided that I want to go ahead to use my local pc for databases, what do I do in this situation? How do I configure my pc, phpmyAdmin(on my pc), and the www web phpserver to meet this need? Please help me. Thank you.

      Comment

      • Atli
        Recognized Expert Expert
        • Nov 2006
        • 5062

        #4
        OK. Just for the record, though, this is a bad idea.

        With that said, there are really only four things you need to do to allow MySQL remove connections.

        But before I get into that, there is one more thing to point out. phpMyAdmin has nothing to do with this kind of thing. It's only a front-end application for the MySQL server, aimed at helping application developers interact with the data stored by MySQL in a simple way. You'll have to configure the MySQL server iteself to set this type of thing up.

        Ok then, the four steps:
        1. Configure MySQL to accept connections from remote addresses. Make sure the skip-networking directive is not on, and set the bind-address directive so that it will listen for connections coming in from remote clients. For a PC connected to the internet via a router, this will be the IP address of the PC on the router's network (like 192.168.1.64, for example), but if the PC is connected to the net directly, it will be the public IP of the connection, assigned to you by the ISP.
        2. Make sure that any network routing devices between your PC and the cloud are set to forward the port though which MySQL listens (usually 3306) to your PC. If you don't know how that works on whatever routers you are using, you can usually find simple instructurs on that by Googling "port forwarding <router name>".
        3. Make sure all firewalls between your PC and the cloud are set to allow traffic to MySQL, through the port you set above. You'll typically have at least one firewall on the main router, and one on the PC itself. Both will have to be configured, as well as any additional firewals you may have.
        4. From inside MySQL, use the GRANT and/or CREATE USER commands to create users that are allowed from remote locatins. Usually you'll want to be specific about where they can connect from. Figure out the IP of the HTTP server host and use that for all the users used by the PHP applications. This will limit the access so that the server will be less easy to hack.

          For example:
          Code:
          GRANT SELECT, UPDATE, INSERT
          ON mydatabase.*
          TO 'remoteuser'@'192.0.43.10'
          IDENTIFIED BY 'remoteUsersPassword'


        That takes care of the MySQL side. From your PHP application, there is really only one change needed. Change the hostname used by the MySQL connection in the code to the IP address/domain of the new MySQL server. You'll also have to make sure the username and password match up with the new remote users you created.

        Comment

        • Easytime
          New Member
          • Nov 2012
          • 26

          #5
          Thank you, I will try this up...where I run into a mixup, I will let you know asap...Thanks once again...Though am still not cleared. But I am grateful.

          Comment

          • zmbd
            Recognized Expert Moderator Expert
            • Mar 2012
            • 5501

            #6
            EasyTime:

            I had to go back and re-read this thread twice to make sure what I was reading was what you wanted.

            You REALLY should head Atli's advice and do NOT try to Host the user information yourself!

            I'm from the "Old" school of the computer world when a 30baud dial-up modem was blazing fast and the Timex-Sinclar-Z80 processors were hot! (and when we overclocked them they'd get a tad hot };-) )

            I'll tell you this... most homegrown servers are dead easy to break! You can not fully protect the server with just a software firewall - You WILL need the hardware too! And I will assure you that you will get hacked. My home PC sits behind a hardware firewall and a router in addition to the software... you should see the number of inbound hits I get in the logs from people out there looking for an unsecured server... even full portscans... good thing I don't have a static IP!

            You will also more than likely want some sort of encryption should you be storing anything that a criminal could use for id-theft (SSN, DOB, Address, Telephone, Family relationships, and so much more depending on the country)

            Just from a legal standpoint you should not do this yourself unless you have a good deal of insurance! You can be personally held liable for any information that is leaked if the users can prove that you were even marginally negligent.

            Comment

            • Easytime
              New Member
              • Nov 2012
              • 26

              #7
              Dear Zmnd,

              I really appreciate your contribution. Thanks a lot...However, it's not that I really want to host the database server. I only want to know how possible it is to do that if I wanted to...what are really the things involved in hosting a database server and how can/should it be done?

              Anyway, thanks all the same.

              Comment

              • Atli
                Recognized Expert Expert
                • Nov 2006
                • 5062

                #8
                Setting up the host is the simple part of all this. If you want to set up a host and keep it secure, you need to know a lot about the systems involved; everything from the network hardware, to the OS running on the server, to the database software itself. Every piece of hardware and software used can potentially be configured in such a way that it leaves holes open for hackers to exploit. You need to know enough to make sure that won't happen.

                It's also important to keep the software updated and keep your own knowledge current. A lot can happen in a small amount of time, and if a known vulnerability goes unnoticed by you for long enough, it will be exploited. - Setting up a secure host is not a "set-it-and-forget-it" kind of deal. It requires constant attention.

                Comment

                • Easytime
                  New Member
                  • Nov 2012
                  • 26

                  #9
                  Atli, you have all said it's possible and it's simple....but you have not suggested HOW. How can it be done? What other steps do I require to setup?

                  thank you.

                  Comment

                  • zmbd
                    Recognized Expert Moderator Expert
                    • Mar 2012
                    • 5501

                    #10
                    Post #4
                    Equipment specifications are up to you.

                    Comment

                    • Easytime
                      New Member
                      • Nov 2012
                      • 26

                      #11
                      Atli, you have not said some suggestive and conclusive enough. what do you mean by 'Equipment specs are up to you'? I need to know how to setup the equipment - i.e, the configuration. How to configure these equipment is my concern now.
                      Can you help?

                      thank you.

                      Comment

                      • zmbd
                        Recognized Expert Moderator Expert
                        • Mar 2012
                        • 5501

                        #12
                        You will have to go to school... as in a University, to get all of the technical know-how you'll need to setup a full fledged server along the lines of what you appear to be asking for in construction.

                        I CAN NOT STRESS ENOUGH THE INFORMATION I POSTED IN #6 AND IN ATLI's IN #4

                        However, start with this tutorial... how to have fun with that old computer sitting in the closet - as you're talking about a church group, I'd figure you'll need to do this on the cheap-cheap so: How to Setup a Dedicated Web Server for Free


                        >>>EDIT>>> You'll also want to read thru the following. Although they aren't specfic to the type of server you're after (and in the above tutorial) a lot of good points area made within the article: Home-Web-Server-Security-Part-1 and Home-Web-Server-Security-Part-2.htm
                        Last edited by zmbd; Dec 4 '12, 09:54 PM. Reason: [Z{Added a reference about security considerations}]

                        Comment

                        Working...