Connecting to web mySQL Server from local exe file

Posted on 2010-01-03
Last Modified: 2013-11-23
I have a Virtual Private Server running Windows 2003 Server and IIS 6.0 and have just installed mySQL 5.1.

I have a small Delphi program that I wrote and which I only used personally. This program previously accessed the mySQL server on my local PC.

I have recompiled the program to access my static IP address as the mySQL host instead of localhost and it works fine -  a wee bit slower but still ok.

- Is there any reason (security?) that I shouldn't do this?
- What precautions should I take on my server to stop any potential problems


- is what I am doing just fine and dandy? I want to roll the program out to a few (approx 10) colleagues by emailing them the exe file to run locally.

The app works fine; I don't really want to re-write it to run in a browser because my 10 colleagues all use Windows.


Question by:WeeStinker
    LVL 31

    Accepted Solution

    (1) Don't embed any usernames or passwords in your app.  

    (2) The usernames and passwords, particularly Root, have got to be difficult to crack.

    (3) If you've tested your program in single-user mode bear in mind that if your colleagues are inserting records at the same time, or thereabouts, information in the record could be mixed up if you're not taking appropriate steps (such as locking).

    (4) Other users of your program might not be so careful in doing things as you are, so are you preventing (for example) multiple instances of the program from running?
    LVL 22

    Expert Comment

    As long as you are the only user of your PC,you should have no worries ....
    LVL 18

    Assisted Solution

    Obviously you will have to port forwar, through your Internet router, port 3306, the TCP/IP port that MySQL uses. By doing so, you expose your MySQL Server to potential hackers and their use of Brute Force password cracking techniques. So, this is a security risk. Anytime you expose anything to the Internet, you have a potential security problem.

    As moorhouselondon has stated, you MUST use strong passwords. DO not use dictionary words. Use upper and lower case letters, numeral and characters.

    However, one thing I take exception to in moorhouselondon post is item 3. MySQL, a robust SQL server implementation built for many users and multiple users at the same time, will take into account appropriate record locking, howere changes on a record changed by user A and viewed by user B will not be seen until and unless your application does a requery or refresh.

    My .02 cents anyway!

    LVL 31

    Expert Comment


    I agree that, *with correct design*, this is of course the case, but this depends for example on how the tables are designed, the interaction between tables when edits and inserts are performed, and the SQL Engine being used (the choice of Innodb and Isam, or something else is not a choice to take lightly).  For instance, building Rollback into a design is not a trivial task, there being trade-offs in terms of performance and deadly-handshake situations.

    >As long as you are the only user of your PC,you should have no worries ....

    If the app is being rolled out to ten colleagues then potentially they can be inserting and updating records in the database at the same time.

    Author Closing Comment

    Thanks guys.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Foreword In the years since this article was written, numerous hacking attacks have targeted password-protected web sites.  The storage of client passwords has become a subject of much discussion, some of it useful and some of it misguided.  Of cou…
    Both Easy and Powerful How easy is PHP? (  Very easy.  It has been described as "a programming language even my grandmother can use." How powerful is PHP?  http://en.wikiped…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    This video discusses moving either the default database or any database to a new volume.

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now