Distributed software with MySQL

Discussion in 'OT Technology' started by [AWD] Major Dumps, Aug 3, 2005.

  1. [AWD] Major Dumps

    [AWD] Major Dumps ahhhh this is a good dump

    Joined:
    Aug 8, 2003
    Messages:
    4,326
    Likes Received:
    0
    Location:
    All like close to Seattle and shit
    So I'm writing some internet software using C++ and MySQL. I realize that because of the flexibility of MySQL, I can actually run the software as a distributed system with very few changes.

    The client programs will be communicating directly with the MySQL server. They will all log in under one username and will only be able to perform INSERT and UPDATE actions on the database. (I might change this policy later.)

    I'm using the MySQL C API and it works pretty well so far. I have a couple questions, however:

    1.) Are passwords transmitted in plain text? This simply won't do because it would allow someone to use a console and log into my server.
    2.) Is it even worth thinking about trying to write a distributed app with MySQL? What things can I do to secure the database and keep it from harm? What types of vulnerabilities are there?

    This is a side project for entertainment and nothing more. I code in my spare time. I'm willing to hear your input. Thanks.
     
  2. kingtoad

    kingtoad OT Supporter

    Joined:
    Sep 2, 2003
    Messages:
    55,921
    Likes Received:
    10
    Location:
    Los Angeles
    Yes, passwords are transmitted in plaintext. What you'll have to do is write separate software just to handle incoming packets. I think you might be able to get away with a simple PHP decryption method on the server. That way, you can encrypt the data that's being sent, then unencrypt it on the server.

    A few years ago, I would have said no. But, MySQL has come a long way and can definitely manage large amounts of data querying simultaneously. Performance will rely on how well written your application is, how scalable your database design is, and your queries. I think the most major flaw is the data that is being sent FROM the client, to the server (database). If the data that is being sent is "private", you may want to consider writing server-side software to manage those incoming packets. And you'll also have to write alternate methods for packet loss. You don't want half-assed data coming. Again, all that stuff could be managed by the server. As for MySQL vulnerabilities, I haven't kept too much up to date on that stuff. You may want to consider doing some research and looking through the bugtraq archives.
     
  3. [AWD] Major Dumps

    [AWD] Major Dumps ahhhh this is a good dump

    I was hoping i wouldn't have to write a server and encryption into it. this is going to take a little while longer than i originally planned.

    anyone have a simple encryption library they can pull out of their pockets?
     
  4. RaginBajin

    RaginBajin Have you punched a donkey today?

    Joined:
    Dec 24, 2001
    Messages:
    8,740
    Likes Received:
    0
    Location:
    NoVA
    Connect to MySQL using SSL. That will encrypt your traffic for you.
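
An added example (not part of the post above or of the original thread): server-side setup for the shared client login described in the first post, restricted to INSERT and UPDATE and refused unless the connection uses SSL/TLS. The account, database, table and column names are hypothetical, the password is a placeholder, and the syntax assumes MySQL 5.7 or later.

```sql
-- Added example; every account, schema, table and column name is hypothetical.

-- Shared login for the distributed clients. REQUIRE SSL makes the server
-- reject any connection from this account that is not encrypted, so the
-- credentials and the data never cross the network in the clear.
CREATE USER 'crawler_client'@'%'
  IDENTIFIED BY '<placeholder-password>'
  REQUIRE SSL
  WITH MAX_USER_CONNECTIONS 50;

-- Clients may add result rows but cannot read or alter existing ones.
GRANT INSERT ON crawl.word_counts TO 'crawler_client'@'%';

-- An UPDATE with a WHERE clause needs SELECT on the columns it reads, so
-- grant that per column instead of SELECT on the whole table.
GRANT SELECT (id, url, status), UPDATE (status, fetched_at)
  ON crawl.pages TO 'crawler_client'@'%';

-- Check from an admin session: the account definition should show
-- REQUIRE SSL, and the grant list should contain no DELETE, DROP or
-- global (*.*) privileges beyond USAGE.
SHOW CREATE USER 'crawler_client'@'%';
SHOW GRANTS FOR 'crawler_client'@'%';

-- Check from a client session: an empty Value means the link is unencrypted.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
```

With the C API, the client side opts in by calling `mysql_ssl_set()` before `mysql_real_connect()`. Because every client ships with the same login, the privilege list above is what bounds the damage if that credential is extracted from a client binary.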
     
  5. SLED

    SLED build an idiot proof device and someone else will

    Joined:
    Sep 20, 2001
    Messages:
    28,118
    Likes Received:
    0
    Location:
    AZ, like a bauce!
  6. SLED

    SLED build an idiot proof device and someone else will

    I hope your MySQL instance is running on a non-win32 system. :hsugh:

    EDIT: What kind of software are you developing? Sounds interesting
     
    Last edited: Aug 3, 2005
  7. kingtoad

    kingtoad OT Supporter

    This would work too. :mamoru:
     
  8. [AWD] Major Dumps

    [AWD] Major Dumps ahhhh this is a good dump

    for right now, it is. i have a linux box, i'm just not worried about setting it up until i release it. this is mostly an exercise in programming for me. it's supposed to crawl web pages, pull out words and report those to a database. i could then see what the most used word on the internet is. or something simple like that. right now, it can query the database for pages to get, grab those pages and return results. the data coming back is raw and unprocessed (at the moment). i'm still working bugs out of the system. this is a very interesting project for me and i'm really enjoying working on it.
     
  9. [AWD] Major Dumps

    [AWD] Major Dumps ahhhh this is a good dump

    this thing is riddled with bugs. i need a good library for fetching files from http servers and returning strings w/ the content. something that won't break under any circumstances (even malformed url's). i know it's easy to code, but i don't like winsock so i'm using 3rd party bits of code that find ways to screw up even if i put error checking into them.
     
  10. FagaBeefe

    FagaBeefe I live for my initials

    Joined:
    Sep 10, 2002
    Messages:
    1,508
    Likes Received:
    0
    MySQL has encryption functions built in. Look at the DES_ENCRYPT function. I think it can be mimicked in C++ and both your program and MySQL can use the same key.
     
  11. SLED

    SLED build an idiot proof device and someone else will

    yes, but you are talking about a manual function you can use AFTER you are already connected. It's the authentication part that he needs to encrypt, otherwise passwords are sent in clear text.
     
  12. kingtoad

    kingtoad OT Supporter

    That's for encryption on the server-side of the application. He needs to encrypt the data being SENT to the server.
     
  13. [AWD] Major Dumps

    [AWD] Major Dumps ahhhh this is a good dump

    i'm not worried about encryption just yet. right now it's crashing from bad strings or something. how robust is the string library? because i need the string functions for finding and removing stuff from the files i receive. they're all in plain text.
     
  14. SLED

    SLED build an idiot proof device and someone else will

    man, if you're dealing with a bunch of files and strings, you might want to think about perl. It's a great language for general text manipulations. I don't know if using standard C would really gain you anything. My latest app on mysql was written in C#. The .NET db libraries for mysql are really nice.
     
  15. [AWD] Major Dumps

    [AWD] Major Dumps ahhhh this is a good dump

    yeah. i'm starting to think that. can you compile perl into a binary?
     
  16. RaginBajin

    RaginBajin Have you punched a donkey today?

    I wish I could find the thread, but over on Ars Technica, there was a guy doing a comparison of perl, python, and C to parse a 500mb file. Perl took 2 minutes to parse it, Python a bit longer, and C took somewhere around 35 seconds. I really wish I saved the thread. It was interesting. This was just something that I thought about pointing out.


    An idea that you could do is use something like httrack, that is a web site downloader. You could download the site, and then take your program and scrape over the actual files that way. Just an idea.
     
  17. [AWD] Major Dumps

    [AWD] Major Dumps ahhhh this is a good dump

    i fixed the errors. the link parser can't handle people's shitty html coding :squint: i found spaces and even line breaks in "href" parameters. what the fuck were these kids thinking?
     
