[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Connecting to web mySQL Server from local exe file

Posted on 2010-01-03
Medium Priority
Last Modified: 2013-11-23
I have a Virtual Private Server running Windows 2003 Server and IIS 6.0 and have just installed mySQL 5.1.

I have a small Delphi program that I wrote and which I only used personally. This program previously accessed the mySQL server on my local PC.

I have recompiled the program to access my static IP address as the mySQL host instead of localhost and it works fine -  a wee bit slower but still ok.

- Is there any reason (security?) that I shouldn't do this?
- What precautions should I take on my server to stop any potential problems


- is what I am doing just fine and dandy? I want to roll the program out to a few (approx 10) colleagues by emailing them the exe file to run locally.

The app works fine; I don't really want to re-write it to run in a browser because my 10 colleagues all use Windows.


Question by:WeeStinker
LVL 31

Accepted Solution

moorhouselondon earned 1000 total points
ID: 26167263
(1) Don't embed any usernames or passwords in your app.  

(2) The usernames and passwords, particularly Root, have got to be difficult to crack.

(3) If you've tested your program in single-user mode bear in mind that if your colleagues are inserting records at the same time, or thereabouts, information in the record could be mixed up if you're not taking appropriate steps (such as locking).

(4) Other users of your program might not be so careful in doing things as you are, so are you preventing (for example) multiple instances of the program from running?
LVL 22

Expert Comment

ID: 26167415
As long as you are the only user of your PC,you should have no worries ....
LVL 18

Assisted Solution

Johnjces earned 1000 total points
ID: 26168234
Obviously you will have to port forwar, through your Internet router, port 3306, the TCP/IP port that MySQL uses. By doing so, you expose your MySQL Server to potential hackers and their use of Brute Force password cracking techniques. So, this is a security risk. Anytime you expose anything to the Internet, you have a potential security problem.

As moorhouselondon has stated, you MUST use strong passwords. DO not use dictionary words. Use upper and lower case letters, numeral and characters.

However, one thing I take exception to in moorhouselondon post is item 3. MySQL, a robust SQL server implementation built for many users and multiple users at the same time, will take into account appropriate record locking, howere changes on a record changed by user A and viewed by user B will not be seen until and unless your application does a requery or refresh.

My .02 cents anyway!

LVL 31

Expert Comment

ID: 26168990

I agree that, *with correct design*, this is of course the case, but this depends for example on how the tables are designed, the interaction between tables when edits and inserts are performed, and the SQL Engine being used (the choice of Innodb and Isam, or something else is not a choice to take lightly).  For instance, building Rollback into a design is not a trivial task, there being trade-offs in terms of performance and deadly-handshake situations.

>As long as you are the only user of your PC,you should have no worries ....

If the app is being rolled out to ten colleagues then potentially they can be inserting and updating records in the database at the same time.

Author Closing Comment

ID: 31672185
Thanks guys.

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question